Safety Planning Implementation and Reporting For EU Projects-Final

FUEL CELLS AND HYDROGEN 2 JOINT UNDERTAKING
(FCH 2 JU)
SAFETY PLANNING AND MANAGEMENT IN EU HYDROGEN

AND FUEL CELLS PROJECTS - GUIDANCE DOCUMENT
21 September 2021
NOTICE
This document is prepared by the European Hydrogen Safety Panel (EHSP) with the mandate and support
of the Fuel Cell and Hydrogen 2 Joint Undertaking (FCH 2 JU). Neither the FCH 2 JU nor the EHSP makes
any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents
that its use would not infringe privately owned rights. Refereçnce herein to any specific commercial
product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily
constitute or imply its endorsement, recommendation, or favouring by the FCH 2 JU or the EHSP.
The views and opinions of authors expressed herein do not necessarily state or reflect those of the FCH 2
JU or the EHSP. Additionally, the document does not provide any approval or endorsement by the FCH 2
JU or the EHSP of any system(s), material(s), equipment or infrastructure discussed in the document.
i
DOCUMENT HISTORY
Version Release date Description

1 (181210)* 10 Dec 2018 First unpublished release version.
1.1 20 Dec 2018 Figures for fire triangle and explosion pentagon added.
1.2 21 May 2019 Second release after reformatting, minor editorial changes. The first
version to be published in the public domain.
1.3 21 Jun 2019 Addition of a failure tree description and reformatting/updating of
other figures. EIGA document on safety distances added as a
reference for checklist methods.
1.31 5 Jul 2019 ATEX and one reference added in the risk assessment (Appendix 4).
1.32 15 Nov 2019 Update of the references to European directives in Annex 2.
210426 26 Apr 2021 The title and structure of the document are changed, text amended
to include elements of safety plan implementation and safety
management.
210628 28 Jun 2021 Comments of reviewers are accepted.
210711 11 Jul 2021 Comments of TF1 Chair are accepted, Appendix 2 is amended.
210909 Comments of FCHJU processed and further editorial changes by TJ
210910 Added modification on Transport of dangerous goods; comment by
GM
2.0 21 Sept 2021 New major release version
Note: * - version number style is changed to “YYMMDD” starting from version “210426” for versions only.
ii
TABLE OF CONTENTS
1 INTRODUCTION............................................................................................................... 1
2 CONTENT OF SAFETY PLAN .............................................................................................. 2
2.1 Objectives .................................................................................................................................................. 2
2.2 An exemplary table of content of a safety plan ......................................................................................... 3
3 PREPARATION OF SAFETY PLAN ...................................................................................... 4
3.1 Project brief ............................................................................................................................................... 5

3.1.1 Description of a system, process or infrastructure to be developed by the project .................................... 5
3.1.2 Description of safety systems and their functions ....................................................................................... 5
3.1.3 Safety expertise and responsibilities in the project ..................................................................................... 5
3.1.4 Relevant RCS ................................................................................................................................................. 6
3.1.5 Best safety practices ..................................................................................................................................... 6
3.1.6 Schedule of the safety plan update and reporting ....................................................................................... 7
3.1.7 Composition, responsibilities and reporting schedule of a safety team ...................................................... 7
3.2 Description of technical hydrogen safety activities .................................................................................... 7

3.2.1 Identification of safety vulnerabilities, hazards and associated risks ........................................................... 7
3.2.2 The state-of-the-art ...................................................................................................................................... 8
3.2.3 Selection of incident scenarios ..................................................................................................................... 8
3.2.4 Content and methods of hydrogen safety engineering to be applied ......................................................... 8
3.2.5 Prevention and mitigation strategies and innovative engineering solutions ............................................... 8
3.2.6 Reporting results on hydrogen safety engineering progress and risk assessment as applicable ................. 8
3.3 Description of organisational safety activities ........................................................................................... 8

3.3.1 Description of work to be performed by staff that needs formal safety procedures .................................. 8
3.3.2 General safety considerations to prevent harm to people in a workplace ................................................ 10
3.3.3 Personnel training and education plan....................................................................................................... 10
3.3.4 Safety review procedures and/or self-audits ............................................................................................. 10
3.3.5 Emergency response arrangements ........................................................................................................... 11
3.3.6 Management of Change (MOC) procedures .............................................................................................. 12
3.3.7 Reporting on safety management and lessons learnt ................................................................................ 12
3.4 Other relevant documentation, safety procedures and outreach activities ............................................. 13
3.4.1 Positive data reporting ............................................................................................................................... 13
3.4.2 Emergency management procedures ........................................................................................................ 13
3.4.3 Dissemination plan of project findings in hydrogen safety, including closed knowledge gaps and
addressed technological bottlenecks ...................................................................................................................... 14
4 SAFETY PLAN IMPLEMENTATION, MONITORING AND REPORTING .................................. 14
4.1 Performing safety reviews ....................................................................................................................... 14
4.2 Implementation of hydrogen safety engineering process ........................................................................ 15
4.3 Examples of best practices in hydrogen safety engineering ..................................................................... 18

iii
4.4 Project safety documentation ................................................................................................................. 22
5 EUROPEAN HYDROGEN SAFETY PANEL ........................................................................... 23
Appendix 1. Hydrogen safety terminology and abbreviations .............................................................................. 24
Appendix 2. Applicable Regulations, Codes and Standards .................................................................................. 29

Legal framework ...................................................................................................................................................... 29
Regulations and standards ...................................................................................................................................... 29
Role and distinction ................................................................................................................................................. 29
EU legislation ........................................................................................................................................................... 30
Hydrogen gas regulations ........................................................................................................................................ 31
EU directives relevant for hydrogen ........................................................................................................................ 31
Hydrogen standards related to hydrogen ............................................................................................................... 35
Appendix 3. Known best practices to implement safety strategies ...................................................................... 38
Appendix 4. Methods for identification of safety vulnerabilities, hazards and risk assessment ........................... 40
Hazard and Operability Analysis (HAZOP) ............................................................................................................... 43
Risk Binning Matrix .................................................................................................................................................. 44
Failure Mode and Effect Analysis (FMEA) ................................................................................................................ 46
Appendix 5. Safety plan checklist ......................................................................................................................... 48
Appendix 6. Example of a safety plan ................................................................................................................... 50
iv
1 INTRODUCTION
This document is prepared by the European Hydrogen Safety Panel (EHSP)1, which was formed in 2017 by
the Fuel Cells and Hydrogen 2 Joint Undertaking (FCH 2 JU). The mission of the EHSP is to assist the FCH 2
JU in assuring that hydrogen safety is adequately managed both at the programme and at project levels,
and in the dissemination of an excellent hydrogen safety culture.
The document provides information on safety planning, implementation, and reporting for projects
involving hydrogen and/or fuel cell technologies. It does not intend to replace or contradict existing
regulations which prevail under all circumstances. Neither is it meant to conflict with relevant international
or national standards or to replace existing company safety policies, codes and procedures. Instead, this
guidance document aims to assist projects and project partners in identifying hazards and associated risks,
in prevention and/or mitigation of them through a proper safety plan, in implementing the safety plan,
and reporting safety related events. This shall help in safely delivering the project and ultimately producing
inherently safer systems, processes and infrastructure.
Sharing best practices in the production, storage, distribution and use of hydrogen is essential for the
provision of life safety, property and environmental protection. The long-term experience and
accumulated knowledge in hydrogen safety research and engineering gained by EHSP experts, many of
which are also members of the International Association for Hydrogen Safety (IA HySafe)2, is the basis of
this guidance document. The experience gained in communications with the US Hydrogen Safety Panel
and other international expert groups provided additional valuable input.
As hydrogen and fuel cell technologies gain a greater commercial foothold, safe practices in the
production, storage, distribution and use of hydrogen are essential for safe demonstrations, positive
perception and widespread public acceptance and trust.
The project is expected to be able to identify, study, analyse and report on hazards and associated risks,
prevention/mitigation strategies and engineering solutions of safety issues, formulate safety guidelines as
required. For emerging technologies like hydrogen technologies without broader experience and without
a robust accidents statistical database this safety engineering approach is best suited to protect life,
property and environment from adverse effects of incidents and accidents.
A safety plan should address potential hazards and associated risks to people, property and the natural
and built environment. It should include known and innovative measures to prevent and/or mitigate
identified hazards and risks, e.g. by performing hydrogen safety engineering. As an integral part of any
project, hydrogen installation, and fuel cell system, a safety plan should identify safety vulnerabilities,
suggest elimination or control of hazards and introduce mitigation measures to provide the risk at an
acceptable level. Appropriate communications on safety issues between the project consortium and
external parties are equally important and should be described in the safety plan, including how the plan
will be implemented, including its monitoring and reporting as required. The safety-related documents
and processes should be revised periodically to reflect new knowledge and best practices.
Off-normal conditions, incidents, near-misses and accidents associated with the project, especially root
courses, failure mechanisms and lessons learnt shall be reported and transferred to relevant databases.
The high frequency low consequences events are important as they are typically pre-cursors of more
severe accidents. Technical details may be reported in the public database HIAD 2.03. Even publication in
handbooks, papers, and other publications is appropriate and helps improving the safety knowledge base.
1
https://www.fch.europa.eu/page/european-hydrogen-safety-panel
2
https://hysafe.info/
3
https://odin.jrc.ec.europa.eu/giada/Main.jsp
1
2 CONTENT OF SAFETY PLAN
2.1 Objectives
A thorough and integrated approach to project safety planning, implementation, including continuous plan
delivery monitoring, and reporting need to address both technical and organisational tiers. EHSP suggests
that all projects, where a consortium sees potential hydrogen safety concerns, consider addressing
hydrogen safety in form of preparation of the safety plan at the initial stage.
The safety plan has to be drafted with a clear understanding that the plan would need to be further
updated, implemented and results to be reported internally and/or externally along the project lifetime.
The preparation of the project safety plan must involve all partners to a different extent as needed.
Besides, other stakeholders and/or third parties could be involved in the drafting of the safety plan, e.g.
first and second responders, entities with a track record and internationally recognised standing in the
field of hydrogen safety, etc.
The project safety plan aim is to develop technical and organisational activities to:
 Ensure that project outputs in a form of device, system, process and/or infrastructure provide an
adequate level of safety and follow or even improve the state-of-the-art
 Identify and address essential for the project success knowledge gaps and technological
bottlenecks if relevant; and
 Formulate activities providing a high level of technical and organisational safety activities in the
project delivery.
This aim can be achieved through the delivery of the following key objectives that should be reported in
relevant project deliverables:
 Review the state-of-the-art in safety provisions of systems and processes related to the project;
 Identify system or process vulnerabilities, select incident scenarios, including low-frequency high
consequences scenarios;
 Apply available hydrogen safety engineering models and tools to assess hazards and associated
risks for selected scenarios. In case of absence of models and tools, develop and validate new
models to perform hydrogen safety engineering for a system, infrastructure or process under
scope in the project;
 Continuously update the initial safety plan during the project to include new knowledge and
information, appoint safety professionals to thoroughly monitor the plan’s implementation by all
partners and the project as a whole, and report results on safety findings in the reports, databases,
through publications, etc.
A safety plan should be prepared based on the level of hazards, associated risks and system or process
complexity. The plan should cover all work being conducted, including experimental/operational activities,
with emphasis on the aspects involving hydrogen safety knowledge, hazardous materials, pressure
equipment, hydrogen safety system peculiarities, etc. There may be cases when an initial version of the
safety plan is developed. In the initial safety plan, elements such as hazards and associated risk analysis,
incident scenarios, prevention and mitigation techniques can be covered more generally without details.
It is recommended that a detailed description of the safety plan is prepared within the initial phase of the
project which should be followed by regular updates, e.g. in the form of project reports, to reflect new
information.
2
The threefold interconnected activities of the successful safety plan development and delivery are:
(a) Preparation of detailed safety plan by hydrogen safety experts,
(b) Monitoring of its progress during the entire project, and
(c) Reporting of results and observations as appropriate.
This is an established practice of proper planning to follow the so-called “WWW” principle that requires
explicitly define for each item of the plan “What” (unambiguous title for a work to be done) should be
done by “Whom” (names of responsible and contributing persons) and “When” (deadlines for milestones,
if needed, and final report).
The ultimate goal of the safety plan is to demonstrate that the consortium is able and willing to do
everything possible to prevent or at least mitigate hazards and associated risks during the project delivery
and that developed hydrogen system, process and/or infrastructure elements are providing the required
level of safety or even improve the state-of-the-art with regard to hydrogen safety. The safety plan should
demonstrate how the issue of life safety, property and environmental protection will be addressed. The
specific protection goals are:
 People. Hazards that pose a risk of injury or loss of life to people during the project delivery must
be identified and eliminated or mitigated to the risk at the same or lower level compared to
existing systems. A safety assessment should consider not only that personnel who are directly
involved in the work but also others who could be at a risk due to these hazards. The same is
applied to project outputs.
 Property. Damage to or loss of property, e.g. equipment or facilities, must be prevented or
mitigated by proper engineering works and organisational safety measures. Damage to equipment
can be both a cause of an incident and a result of an incident. An equipment failure can result in
collateral damage to nearby equipment and property, which can then trigger additional
equipment failures or even escalate with additional hazards and risks, e.g. through the domino
effect. Effective planning and implementation of the safety plan should not only declare how
safety will be provided but demonstrate how it will be achieved technically and organisationally.
 Environment. Hydrogen is a clean fuel. However, possible damage to the environment from
hydrogen systems or infrastructure, e.g. due to thermal or pressure effects of an incident, must
be prevented or mitigated. Any potential hazard to the natural or the built environment from a
hydrogen system or infrastructure in case of failure should be identified and considered in the
safety plan.
2.2 An exemplary table of content of a safety plan

This section gives, as guidance, prototypical elements and a reasonable structure of a project safety plan,
contained in an example of a possible table of content (ToC). Depending on the project nature items of
ToC could be changed, added or removed. The safety plan should be a “living document” that recognises
the type of work being conducted, the factors of human error, the nature of equipment design and
operation, and considers the inevitable changes that occur in project development and execution.
So, the following example of a “good” safety plan should not be considered as an exhaustive or mandatory
list of safety considerations for all projects.
3
Exemplary table of content of a safety plan
1. Project brief
 Description of a system, process or infrastructure to be developed by the project
 Description of safety systems and their functions, implementing the state of the art
 Safety expertise and responsibilities in the consortium
 Relevant RCS and safety policies
 Best safety practices
 Schedule of the safety plan update and deliverable reporting
 Composition, responsibilities and reporting schedule of a safety team
2. Description of technical hydrogen safety activities
 Identification of safety vulnerabilities, hazards and associated risks
 Selection of incident scenarios
 Content and methods of hydrogen safety engineering to be applied
 Prevention and mitigation techniques and strategies and innovative engineering solutions applied
 Reporting results on hydrogen safety engineering progress and risk assessment as applicable
3. Description of organisational safety activities
 Description of work to be performed by staff that needs formal safety procedures
o Operating steps
o Sample handling and transport
o Equipment and mechanical Integrity
o Other relevant work components
 General safety considerations to prevent harm to people in a workplace
 Personnel training and education plan
 Safety review procedures and/or self-audits
 Emergency response arrangements
 Management of change procedures
 Reporting on safety management and lessons learnt
4. Other relevant documentation, safety procedures and outreach activities
 Reports of near-misses, incidents and accidents, if any, and lessons learned for safety databases
 Dissemination plan of project findings in hydrogen safety, including closed knowledge gaps and
addressed technological bottlenecks
3 PREPARATION OF SAFETY PLAN

For the convenience of the project planning and implementation of the safety plan during the project
delivery, the elements of the model safety plan content listed in the previous chapter are overviewed in
this chapter, including the ways of their implementation. The text boxes provide useful background
information on the best safety practices or present exemplary implementations for certain project types.
This information is not exhaustive and should be thoughtfully considered during the regular updating of
the safety plan, and its implementation, including monitoring and reporting. Appendix 5. Safety plan
checklist” provides a controlling table for the assessment of a safety plan completeness with the
understanding that all elements of the ToC presented for the exemplary safety plan above are not
exhaustive and mandatory.
4
3.1 Project brief
This section should include a concise description of the project with a focus on safety aspects, both the
safety of the system, process or infrastructure to be developed/demonstrated and operational safety
management during the project delivery.
3.1.1 Description of a system, process or infrastructure to be developed by the project
The safety plan should describe the nature of the work to be performed in the project with an emphasis
on safety elements. It should preferably distinguish between laboratory-scale research, bench-scale
testing, engineering development (including safety engineering), prototype development, testing,
operation, demonstration application, etc. All intended project phases/relevant work packages should be
overviewed again with emphasis on safety issues and envisaged ways how they will be addressed.
It is important to assess the amount of hazardous materials generated, used, and stored. For example, the
plan should include the quantity of hydrogen and the form in which it will be handled and/or stored
(compressed gaseous, cryo-compressed or liquid). Description of how often the hydrogen is replenished
in storage and by what method (see Appendix 6. Example of a safety plan) is important as well. Even
laboratory-scale experiments may result in substantial hazards and associated risks when a quantity of
hydrogen or other hazardous material is used or stored in or near the laboratory and safety measures are
not properly planned and implemented. Hydrogen safety engineering shall be used for situations and
scenarios that cannot be addressed by existing RCS for whatever reason. The inclusion of a preliminary
layout, a flow diagram showing equipment such as PID, including a functional description of each
component with geometrical and flow parameters are very useful.
The plan should discuss the location of activities (description of facilities, types of personnel, other
operations/testing performed at the facility, adjacent facilities) and describe how the activities will be
coordinated. Any relevant permits that apply to current and planned operations should be listed.
The description of work for a hydrogen fuelling station, for example, should include information such
as the location of the station (at an existing gasoline station, close to a convenience store, etc.), the
number of assumed fills per day, the source (gaseous, liquid, electrolyser, reformer, etc.) and the
quantity of the hydrogen stored onsite, pipeline maximum pressures and diameters, vent pipe design
criteria, etc.
3.1.2 Description of safety systems and their functions
This section could be a stand-alone section or it can be embedded into the previous section with the
project nature description. A brief description of planned safety systems and elements should be
described. If existing knowledge does not address safety concerns of the system, process or infrastructure
elements that are under development in the project then the safety plan should describe how it is planned
to close identified knowledge gaps and technological bottlenecks. To this end, projects are recommended
to have a safety-related work package (WP) addressing safety considerations. In this case, the brief on this
WP content should be presented.
3.1.3 Safety expertise and responsibilities in the project
Early identification of professional safety expertise in the project is important. Hydrogen safety experts
should be involved as early as possible, preferably at the initial stage, to ensure that relevant RCS, safety
engineering knowledge, best practices and procedures are properly accounted for, described and
consistently applied as part of the project implementation. The expertise should be sought in safety
relevant activities that could include but not limited to:
 Safety analysis of a system, process or/and infrastructure documentation ensuring that safety
issues are properly addressed and budgeted to close the most important knowledge gaps and
technological bottlenecks.
5
 Reviewing RCS and safety engineering solutions to assist with approval of project outcomes if
needed.
 Inspecting and performing regular reviews of the installation to ensure the safe execution of the
project.
 Investigation of near-misses, incidents and accidents, formulation of lessons learned and reporting
to databases and publicly available sources like conference and journal papers.
 Understanding of knowledge gaps and technological bottlenecks in the area of the project.
 Track record in performing hydrogen safety research and/or engineering, etc.
3.1.4 Relevant RCS

Compliance with provisions set out in Regulations, Codes and Standards (RCS) is not a subject for debate.
Safety planning must account for relevant Regulations, Codes and Standards (RCS), including international,
national, and regional, as appropriate. Regulations establish minimum safety requirements. Nevertheless,
compliance with the provisions of relevant RCS does not prevent to use new knowledge not yet included
in RCS but published elsewhere.
Compliance with applicable regulations and referred standards is essential for ensuring public confidence
in hydrogen projects, particularly for those demonstrating or deploying new technologies. Where strict
compliance for a specific design, installation, and/or operation cannot be achieved, and alternatives are
proposed, a sound technical basis should be formally agreed upon by all the relevant parties, including
authorities. Relevant European Regulations and international standards are listed in Appendix 2. It should
be recognised that some RCS require safety testing which needs to be adhered to.
As stated above, projects should recognise that RCS does not answer all safety questions, especially when
new systems, processes and infrastructure are to be developed and demonstrated. In such situations,
hydrogen safety research and engineering are seen as the only way forward.
Project teams should consult local authorities early in the project. Early engagement will facilitate a greater
understanding of the local requirements, which in some cases could be more restrictive than European or
national regulation.
So, the purpose of a safety plan is far beyond the identification of vulnerabilities, hazards and associated
risks. Its monitored implementation combined with a profound understanding of hydrogen safety
engineering and operational safety and open communication are key elements of proper safety
management.
3.1.5 Best safety practices
The best practices and underpinning safety strategies relevant to the project should be reflected in the
safety plan already at the initial stage, along with identified at that time system safety vulnerability,
hazards and associated risks. Hazards and risk assessment procedure, e.g. as a part of hydrogen safety
engineering of a system, process or infrastructure could be identified either at the preparatory stage or at
the start of the project.
Appendix 3 gives examples of known best practices to implement safety strategies when preparing the
safety plan. In this appendix, some further references to best practice summarized in RCS, databases and
hydrogen safety guidelines developed by European projects are also provided. In particular, they include:
 Recommendations for the approval of hydrogen fuelling stations (the HyApproval project output).
 Guidelines for permitting of small to medium-sized stationary fuel cell systems (the HYPER project
outcome).
 Framework for teaching hydrogen basic issues for public authorities (the HyFacts project output).
 European Guidelines on Inherently Safer Use of Hydrogen Indoors (the HyIndoor project
outcome).
6
 European Guide for First Responders (the HyResponse project outcome).
 European Model Evaluation Protocol (the SUSANA project outcome).
 Safety assessment of liquid hydrogen production, transport and storage of LH2 on large scale (the
IDEALHY project output).
 Venting of hydrogen-air deflagrations in containers accommodating hydrogen technologies (the
HySEA project outcome).
More hydrogen safety guidelines will be available after the completion of two FCH 2 JU projects: PRESLHY
“Pre-normative research for safe use of liquid hydrogen” (May 2021), and HyTunnel-CS “Pre-normative
research for safety of hydrogen driven vehicles and transport through tunnels and similar confined spaces”
(expected in March 2022).
3.1.6 Schedule of the safety plan update and reporting
It is recommended that an initial (draft) safety plan is developed at the preparatory stage of the project,
which should be fully developed at the beginning of the project and then updated regularly reflecting the
progress in hydrogen safety provisions in the project delivery and of its outcomes, i.e. systems, processes
and/or infrastructure elements.
3.1.7 Composition, responsibilities and reporting schedule of a safety team
The project safety team should include representatives having education, training and experience in
dealing with safety issues. The team can be composed of two groups of experts, the technical team
responsible for solving challenging hydrogen safety issues and the operational management team dealing
with overall safety arrangements beyond the specific hydrogen safety issue. The composition and
responsibilities of both groups should be identified at the initial stage (at least at the level of organizations
if no decision yet is taken on personalities). External safety experts and representatives of local authorities
and first responders could be co-opted to the project hydrogen safety team as appropriate.
The technical safety team will perform hydrogen safety research and engineering and relevant activities
described in the safety plan. It is recommended that the technical team includes the experienced safety
representative of the project coordinator, hydrogen safety researchers and experts, technology
developers, system designer and integrator, field engineers and technicians, etc. The main goal of the
technical safety team is the identification of safety problems and potential incident scenarios, performing
hydrogen safety engineering by contemporary methods and tools, e.g. validated CFD and FEM models, to
assess consequences of incidents to people, property and environment, and reporting results as
appropriate.
The responsibilities of the operational management team include planning, monitoring and reporting on
arrangements of safety based on established general safety procedures available at each organization
involved in the project. The composition of this group of safety professionals does not require pre-existent
knowledge and expertise in hydrogen safety. The close work together of the technical and the operational
management team will disseminate hydrogen safety culture and knowledge to a wider number of
stakeholders whose work is related to safety.
The results of the safety studies and general safety provisions have to be reported throughout the project
by both parts of the safety team, i.e. technical and operational management team.
3.2 Description of technical hydrogen safety activities
3.2.1 Identification of safety vulnerabilities, hazards and associated risks
Identification of safety vulnerabilities and hazards by the safety team precedes the development of
scenarios to be investigated by the safety engineering sub-group. It should be clear to the team that the
focus should be on hydrogen safety engineering/design as uncertainties in risk assessment for emerging
technologies could be so huge that the usefulness of the quantitative risk assessment (QRA) could be
7
questioned, and the risk assessment exercise could be used only as a method of identification of safety
vulnerabilities and hazards.
3.2.2 The state-of-the-art
The safety plan should demonstrate that the consortium partners know the state-of-the-art in the project
area. The track record and experience of some partners in hydrogen safety research and engineering (as
relevant to a particular project) is an added value to the project and could underpin the development of
competitive inherently safer products.
3.2.3 Selection of incident scenarios
Development of incident scenarios using identified–by-the-team vulnerabilities and hazards of a system
or a process or infrastructure is an important part of safety studies on assessment of consequences of
incidents and thus evaluation of risk for life and property loss.
3.2.4 Content and methods of hydrogen safety engineering to be applied
The scope of hydrogen safety engineering work, hazard, risk and safety assessments, to be performed in
the project should be formulated and presented in the safety plan. The methods of hydrogen safety
engineering to be applied should be described if they were already defined (preparatory stage) or applied
(regular updates of the safety plan). The professional safety experts within the team could apply a
combination of theoretical, numerical and experimental methods. To perform consequences analysis of
scenarios selected by the safety team, these experts could use deterministic, comparative and probabilistic
methods or any combination of these elements.
3.2.5 Prevention and mitigation strategies and innovative engineering solutions
Hydrogen is not more or less dangerous compared to other fuels provided it is dealt with professionally. A
strong indicator of safety professionalism is the ability of the project team to develop breakthrough safety
strategies and innovative engineering solutions that are necessary to produce competitive on the market
products. In general, it is more efficient to invest in the engineering of an inherently safer system rather
than spend time and money on quantitative risk assessment in circumstances when there are no failure
statistics available for emerging technologies. The last statement does not belittle the risk assessment but
indicates a stronger role of engineering in the development of inherently safer hydrogen technologies.
3.2.6 Reporting results on hydrogen safety engineering progress and risk assessment as applicable
Reporting of results is the final stage of the important management principle “plan - monitor - report”.
The safety plan should be prepared in the way that its monitoring and reporting are clearly defined both
in timing and expected results at the particular stage.
3.3 Description of organisational safety activities
3.3.1 Description of work to be performed by staff that needs formal safety procedures
The safety plan should describe how the safety policies and procedures of the organisations involved in a
project are implemented for the work being performed. Project team members’ involvement is important
in the development and implementation of a comprehensive project safety plan, its monitoring and
reporting as required.
All project phases should be addressed as applicable in the safety plan and during its implementation. The
plan should list existing and planned design, installation/commissioning, operations, and maintenance
procedures that describe the steps for the system, apparatus, equipment, facility, etc. It should also
reference specific safe work practices used to control hazards during operations such as lockout, confined
space entry, opening equipment or piping, and control over entrance into a facility by maintenance,
contractor, laboratory, or other support personnel.
8
There are established formal procedures for performing hazardous operations and research in
organisations. They must be followed. These works could and could not include dealing with hydrogen. In
case of hydrogen being involved in the operation, the close collaboration with the technical team, which
ideally includes hydrogen safety experts, is encouraged. Other hazardous operations that exclude the use
of hydrogen must be performed following the established safety guidelines and procedures. The whole
chain of project activities should be detailed in the safety plan. This could include but is not limited to
consideration of:
 Operating steps.
 Sample handling and transport.
 Equipment and mechanical Integrity.
 Other relevant work components.
Procedures should be updated promptly to reflect changes to chemicals and other materials, equipment,
technologies and facilities.
Sample handling and transport
The plan should discuss any anticipated transport of products and materials and identify the relevant
policies and procedures that are in place to ensure their proper handling.
Equipment and mechanical integrity
The plan should describe how the integrity of equipment, piping, tubing, and other devices associated with
the hazardous material handling systems will be assured during operation. An important ingredient in this
regard is the plan for regular checks and inspections. Other elements are listed in the box below.
Background Information on equipment and mechanical integrity may consist of:
 Written procedures.
 Proper design, testing, commissioning, use and decommissioning.
 Use of fail-safe features.
 Validation of materials compatibility.
 Preventative maintenance plan.
 Signed installation protocols, checks respectively.
 Calibration of safety-related devices. The frequency should be consistent with applicable
manufacturers' recommendations, adjusted as indicated by operating experience.
 Testing and inspection. The types and frequency of inspections and testing should be
consistent with applicable manufacturers' recommendations, adjusted as indicated by
operating experience.
 Training for maintenance, calibration, testing, and inspection personnel.
 Documentation. Each calibration, inspection, and test should be recorded. Typical records
include the date, name of the person, an identifier of the device, description of what was done,
and results. Any deficiencies outside acceptable limits should be highlighted.
 Correcting deficiencies that are outside acceptable limits.
Procedures should be developed for each laboratory-scale or plant process with the active involvement of
the project team members. The written procedures should provide instructions on how to safely conduct
the operations. The procedures should include:
 Steps for each operating phase, such as start-up, normal operation, normal and emergency
shutdown.
 Operating limits.
 Safety considerations, such as precautions necessary to prevent exposure.
 Measures to be taken if physical contact or airborne exposure to hazard occurs.
9
 Safety systems and their functions.
3.3.2 General safety considerations to prevent harm to people in a workplace
This section could be prepared as a stand-alone section or could be embedded into the previous one with
the description of an overall work to be performed that requires adherence to established formal
procedures.
3.3.3 Personnel training and education plan

Hydrogen technologies is an emerging area. The number of specialists in a particular area is growing yet
can be limited. Training and education programmes are under development. This is probably even more
relevant to hydrogen safety. The above underlines the importance of not only having educated in
hydrogen safety personnel but a structured plan for training and education of as many persons as possible.
It could be done at different levels, e.g. technicians and engineers, through established educational and
training programmes at universities and colleges, continuous professional development (CPD) courses, ad-
hoc training events tailored to the project needs, etc.
The personnel training and education plan should describe planned educational safety programs and
training related to the hazards associated with the project delivery. It should describe how each partner
administers the engagement of staff in hydrogen safety education and training, how the participation is
recorded and the growing level of hydrogen safety knowledge is verified. Both external education/training
of “trainers”, e.g. through the CPD route, and internal training of personnel have to be described.
Background Information and elements related to training and education.
 Initial training that includes an overview of the system/process/infrastructure, a thorough
understanding of operating procedures with emphasis on the specific for hydrogen safety and
health hazards, emergency operations including shutdown, and safe work practices applicable
to the personnel's job tasks.
 Refresher training that is provided to all personnel involved in operating a process to assure that
the personnel understand and adhere to the current standard operating procedures.
 Training documentation that shows all personnel involved in operating a process has received
and understood the training.
 For people maintaining process equipment, performing calibrations, etc., the training needs to
ensure that a person can safely perform the job tasks.
3.3.4 Safety review procedures and/or self-audits
The project safety plan and the report on its delivery could include safety reviews that are conducted, as
part of the hydrogen safety engineering approach during the system/process/infrastructure design stage,
development and testing, and finally demonstration and operational phases, see also Figure 4-1. The
involvement and responsibilities of individual project staff members in such reviews, and when and how
the reviews will be documented should be included. In most cases, the safety reviews conducted for a
project could include the following:
 Early project ISV. The identification and safety vulnerabilities (ISV) and hazards early in the project
to identify major safety concerns that may affect the cost, timing and safety aspects of the project
outcomes.
 Design stage ISV. The identification of safety vulnerabilities and hazards when the design is nearly
complete to identify safety concerns related to the details of the project.
 Pre-start-up safety review. A review to make sure that all the hazards and risk reduction plans
have been implemented and that all appropriate examination, inspection, and testing have been
completed.
10
 Other safety reviews. Reviews that may be needed during the life of the project, including those
required by organisational policies and procedures, must be included in the safety plan report.
The development of prevention and mitigation measures is usually done in conjunction with the ISV, which
identifies vulnerabilities and hazards, defines potential incident scenarios. The purpose of a mitigation
plan is to eliminate or reduce significant hazards and associated risks. The plan should describe prevention
and mitigation measures for the significant safety vulnerabilities previously identified. Mitigation
addresses all phenomena that can result in pressure and thermal effects harming people and damaging
property and the environment: unignited hydrogen releases and effects of ventilation and/or inerting,
safety strategies to limit flammable atmospheres, etc.; proper ways of dealing with ignition and extinction,
including cases when the ignition is desirable to exclude accumulation, e.g. releases through discharge line
from a thermally-activated pressure relief device (TPRD); ignited releases (jet fires); mitigation of
deflagrations by venting technique; prevention of Deflagration to Detonation Transition (DDT) and
detonation; prevention of tank rupture in a fire to exclude blast wave, fireball and projectiles, etc.
The mitigation systems could be active and passive. The general rule for an integrated fire and explosion
protection system is the demonstration that in case of failure of the active system the passive protective
system still will provide the reduction of hazards and associated risks to the acceptable level.
The plan should describe how the project team will verify that safety-related procedures and practices are
being followed through the duration of the project and continued for the forthcoming use of the
equipment, system, process or infrastructure.
3.3.5 Emergency response arrangements
The safety plan should describe the emergency response procedures that are in place, including
communication and interaction with neighbouring occupancies and local emergency response officials. A
suitably trained emergency response force is an essential component of a viable deployment of hydrogen
system and/or infrastructure. The project personnel need to understand how to respond to an incident.
The project team should work with their local first and second responders to inform them about hazards
and associated risks. The project team should inform the first responders about available training materials
and platforms relevant to hydrogen technologies, e.g. outcomes of HyResponse4 and HyResponder5
projects and similar overseas resources like the H2Tools in the USA6. These include not only information
on the physical properties and hazards of hydrogen itself, intervention tactics and strategies, but also
technical details and specific hazards associated with the hydrogen systems, e.g. high-pressure equipment,
electrolysers, electrical circuits, etc.
Due to fast progress in emerging hydrogen technologies, including breakthrough safety technologies, the
responders are encouraged to undergo continuous professional development (CPD) training. The project
team has to engage with local responders at the earliest convenience, i.e. at the preparatory stage. The
responders should be made aware of the available education and training opportunities, including those
listed in the observatory of the FCH 2 JU7.
The training of the relevant partners’ staff must always be done in coordination with the external
emergency services. The interaction with emergency services starts with hazards and associated risk
analysis and follow-up management. The hazards and risks are excluded as much as possible. The focus is
then on the prevention of incidents/accidents at the installation and/or plant. This is in addition to
4
http://hyresponse.eu/index.php
5
https://hyresponder.eu/
6
https://h2tools.org/ and https://h2tools.org/firstresponder
7
https://www.fchobservatory.eu/observatory/education-and-training
11
frequent joint training of emergency procedures in the form of accident/disaster drills. The training
together with professionally prepared well in advance rescue information (intervention plans and
procedures, emergency and evacuation plans) is crucial to success. These plans should be prepared and
updated based on critical and relevant technical information discussed between the project team and local
emergency services as relevant. The installation details and the specific emergency operation procedures
for different incident scenarios must be known to the intervening emergency service. Dedicated
consultations, e.g. regarding the installation of a draining system in the construction plans of the plant,
and joint exercises and training are very important to tackle successfully incidents/accidents if they
happen.
3.3.6 Management of Change (MOC) procedures
The plan should describe the method that will be used to review proposed changes to materials,
technology, equipment, procedures, personnel, and facility operation and their effect on safety
vulnerabilities. The MOC procedure should identify the appropriate project team members that are
making a suggestion (with reasoning) and who must approve changes. All materials or equipment that is
not replaced “in-kind” should be reviewed. For example, if a regulator was replaced by an item with a
different model or by one that was constructed of a different material, that would require a documented
management of change. Changes to operating procedures would also be handled as a MOC to help avoid
unanticipated safety concerns. A MOC review is required for any change that affects the original hazard
identification, risk assessment or system safeguards.
3.3.7 Reporting on safety management and lessons learnt
Knowledge gained throughout a project can be an important asset in the effective safety provisions within
the project and beyond its formal duration. The reporting should describe the progress in safety operations
and management. It could include the comparison of previously applied and developed during the project
inherently safer arrangements, the effect of the degree of experience of the personnel, including
education and training in hydrogen safety, etc.
The plan should describe how safety events, i.e. accidents, incidents and near-misses, will be handled by
the team. The plan description should include:
 The reporting procedure within the organisation.
 The method and procedure used to investigate events.
 How corrective measures will be implemented.
 How lessons learned from incidents and near-misses are documented and disseminated, e.g.
through the hydrogen incident and accident database (HIAD 2.0) managed by the Joint Research
Centre of the European Commission.
By learning about the likelihood, severity, causal factors, setting, and relevant circumstances regarding
safety events, teams are better equipped to prevent similar, perhaps more serious, events in the future.
To be effective, this process requires a thorough investigation, a comprehensive report, and a great deal
of information sharing as openly and thoroughly as possible.
An incident is an event that results in:
 A lost-time accident and/or injury to personnel.
 Damage to project equipment, facilities or other property.
 Impact on the public or environment.
A near-miss is an event that, under slightly different circumstances, could have become an incident.
Examples include:
12
 Any unintentional hydrogen release that ignites, or is enough to sustain a flame if ignited and does
not fit the definition for an incident.
 Any hydrogen release that accumulates above 25% of the lower hydrogen flammability limits in the
air within an enclosed space and does not fit the definition of an incident.
Accidents with major damage, injuries or losses of life will initiate public investigations. Here national
regulation will impose procedures which are not controlled by the project partners.
Background Information.
The investigation of a near-miss or an incident should be initiated as promptly as possible. An event
investigation team should preferably consist of at least one member who is independent of the project
team, at least one person knowledgeable in the process chemistry and actual operation of the
equipment and process, and other persons with the right knowledge in hydrogen safety and experience
to thoroughly investigate and analyse the incident. The event report should include:
 Date
 Cause of the event
 Searchable keywords
 Summary of the event
 The severity of the event
 Lessons learnt
 Possible measures to prevent the event
 Possible measures to mitigate the event
 The information available on rescue and firefighting actions
 If the event was caused by the failure of a specific part, what might have been done to prevent this?
 What short- and long-term solutions should be put in practice to prevent and mitigate such events?
 References
The team should promptly address and resolve the incident report findings and recommendations.
Resolutions and corrective actions should be documented in the JRC database HIAD 2.08.
Sharing information on safety related experience, including lessons learnt and consequences of incidents
and accidents, frequency, technical details and the effect of human factors are of paramount importance
for the effective deployment of safe hydrogen systems and infrastructure. This information must be
reported regularly, for example along with the updated safety plan.
3.4 Other relevant documentation, safety procedures and outreach activities
3.4.1 Positive data reporting
Not only the “negative” data on mishaps and accidents is relevant, but also the “positive” data about
phases, distances, and cycles with perfect as designed operations are important for providing a reference.
In most cases, however, these data are requested within the regular project reporting anyhow. Integrating
this reporting in your safety management reporting will help deriving appropriate statistics and a more
complete and balanced view on the safety performance in general.
3.4.2 Emergency management procedures
There might be the need to detail and prepare information material in case of an accident. This could
include information material for upper management, general public and media. Also recommendation for
cleaning up the concerned area and for fast recovery of operations could be compiled.
8
https://odin.jrc.ec.europa.eu/giada/Main.jsp
13
3.4.3 Dissemination plan of project findings in hydrogen safety, including closed knowledge gaps and
addressed technological bottlenecks
The project team is encouraged to include the plan of generation and sharing useful safety information
beyond the project partners to all stakeholders as appropriate.
4 SAFETY PLAN IMPLEMENTATION, MONITORING AND REPORTING

The availability of a safety plan without a clear understanding of how the plan will be implemented, i.e.
made effective, does not make sense. This chapter gives comments on the content of the safety plan that
could assist with its implementation. It provides useful examples and best practices in the implementation
of the safety plan.
The safety plan should unambiguously describe how it will be implemented, including its continuous
monitoring and reporting in respective documents. Both the technical safety team and the operational
safety management team implement their parts of the plan. The progress monitoring and
intermediate/final reports on the safety plan delivery should be made available to all project partners and
potentially to external partners, e.g. stakeholders, advisory board members, as applicable.
4.1 Performing safety reviews
For the safety reviews, appropriate techniques for identifying hazards and vulnerabilities and, in case, for
assessing risks must be chosen. The safety review is the formal mean for identifying potential hazards and
safety issues associated with laboratory or process steps, materials, equipment, operations, facilities,
personnel, etc. The hazards, risk and safety assessments typically try to quantify the risks and discriminate
acceptable and non-acceptable risks with appropriate acceptance criteria. The safety reviews, disregarding
what type, must be documented. This documentation should include at least the following:
 The selected safety review method(s).
 The leader of the safety review team and the team composition.
 The responsible person to implement the results of the review and assisting team composition.
 Incident scenarios identified as a part of ISV exercise, e.g. high consequence low-frequency events,
etc.
 Significant hazards, vulnerabilities and, in case, associated risks identified.
 Safety-critical equipment, processes, elements of infrastructure, etc.
The first safety review should address at least the following questions:
 What are the protection targets?
 What hazard associated with a system design, installation, or operation is likely to result in an
incident?
 What hazard has the potential to result in a worst-case scenario?
Hazards are typically associated with an inventory of hazardous materials, potential energy in storage that
can be calculated as a product of volume and pressure, and hazardous actions, that cannot be excluded
because they are implied by the technological process.
14
Hazardous materials. The plan should discuss the storage and handling of hazardous materials and
related topics including possible leaks and accumulation, ignition sources, fire and explosion
hazards, material interactions, the likelihood of creating a combustible mixture, the potential for
overpressure, and detection. For hydrogen handling systems, the plan should describe the source
and supply, storage and distribution systems including volumes, pressures, state (gaseous or
liquid) and estimated use rates and typical flow rates .
Safety vulnerabilities are those elements of a system or a process that allow a hazard to realise. For all ISV
methods, it is essential to identify all potential failure modes and associated hazards.
Failure modes. In general, a good safety plan identifies immediate (primary) failure modes as well
as secondary failure modes that may come about because of other failures. For effective safety
planning, an attempt is made to identify every conceivable failure, from catastrophic failures to
benign collateral failures. Identification and discussion of perceived benign failures may lead to
the identification of more serious potential failures .
The method used for the first safety review is often different from the methods used for the later reviews.
This comes naturally with the development process and with more details available when the design of
the system matures. Typical safety review (or ISV) and risk assessment methods are described in Appendix
4. M e t h o d s for identification of safety vulnerabilities, hazards and risk assessment”.
4.2 Implementation of hydrogen safety engineering process
Hydrogen safety engineering is defined as an application of scientific and engineering principles to the
protection of life, property and environment from adverse effects of incidents involving hydrogen9. It is
seen as the most efficient way of developing inherently safer systems, processes and infrastructure in
emerging technical areas where RCS is in the process of development and for this reason not sufficient to
fully underpin safe design and operations.
The hydrogen safety engineering process includes three main steps shown in Figure 4-1. Firstly, a
qualitative design review (QDR) is undertaken by a safety team. The team can include project managers,
owners, hydrogen safety engineers, architects and designers, representatives of authorities having
jurisdiction, e.g. emergency services, and other stakeholders. The team defines incident scenarios, e.g. by
undertaking ISV reviews, suggests trial safety designs, and formulates acceptance criteria. Secondly,
quantitative safety analysis of the selected scenarios and trial designs is carried out by qualified hydrogen
safety engineer(s) using state-of-the-art knowledge in hydrogen safety science and engineering and
validated models and tools. Thirdly, the performance of the hydrogen system under the trial safety designs
is assessed against predefined acceptance criteria.
9
Fundamentals of hydrogen safety engineering, free download eBook, www.bookboon.com, 2012.
15
Figure 4-1: The schematic presentation of the hydrogen safety engineering process.
The QDR is a qualitative process based on the team’s experience and knowledge. It allows its members to
establish a range of safety strategies and propose engineering solutions. Ideally, QDR has to be carried out
early in the design process and in a systematic way, so that any substantial findings and relevant items can
be incorporated into the design of the hydrogen system, process or infrastructure before the working
drawings are developed. In practice, however, the QDR process is likely to involve some iterations as the
design process moves from a broad concept to greater detail.
Safety objectives should be defined during the QDR. They should be appropriate to the particular aspects
of the system design, as hydrogen safety engineering may be used either to develop a complete hydrogen
safety strategy or to consider only one aspect of the design.
The main hydrogen safety objectives are safety of life, loss control and environmental protection. The QDR
team should establish one or more trial safety designs taking into consideration selected accident
scenario(s). The different designs could satisfy the same safety objectives and should be compared with
each other in terms of cost-effectiveness and practicability. At first glance, trial designs must limit hazards
by implementing preventive measures and ensuring the reduction of severity and frequency of
consequences (thus aiming to the reduction of associated risks). Although hydrogen safety engineering
provides a degree of freedom, it is mandatory to fully respect relevant regulations when defining trial
designs.
The QDR team has to establish the acceptance criteria against which the performance of a design can be
judged. Three main methods can be used: deterministic, comparative, and probabilistic. Depending on
trial designs, the QDR team can define acceptance criteria following all three methods. The QDR team
should provide a set of qualitative outputs to be used in the quantitative analysis: results of the
architectural review; hydrogen safety objectives; significant hazards and associated phenomena;
specifications of the scenarios for analysis; one or more trial designs; acceptance criteria and suggested
methods of analysis. Following QDR, the team should decide which trial design(s) is likely to be optimum.
The team should then decide whether the quantitative analysis is necessary to demonstrate that the
design meets the hydrogen safety objective(s).
16
Following the QDR, a quantitative analysis may be carried out using for example validated contemporary
models and tools where various aspects of the analysis can be quantified by a deterministic or a
probabilistic study. The quantification process is preceded by the QDR procedure for two main reasons:
(1) to ensure that the problem is fully understood and that the analysis addresses the relevant aspects of
the hydrogen safety system, and (2) to simplify the problem and minimise the calculation effort required.
Besides, the QDR team should identify appropriate methods of analysis among the following: simple
engineering calculations; CFD and/or FEM simulations; simple or full probabilistic study, etc. A
deterministic study using comparative criteria will generally require fewer data and resources than a
probabilistic approach and is likely to be the simplest method of achieving an acceptable design. A full
probabilistic study is only likely to be justified when a substantially new approach to hydrogen system
design or hydrogen safety practice is being adopted. The analysis may be a combination of some
deterministic and some probabilistic elements.
Following the quantitative analysis, the results should be compared with the acceptance criteria identified
during the QDR exercise. Three basic types of approach can be considered to access the performance of
safety system against acceptance criteria:
 The deterministic approach shows that based on the initial assumptions a defined set of conditions
will not occur.
 The comparative approach shows that the design provides a level of safety equivalent to that in
similar systems and/or conforms to prescriptive codes (as an alternative to performance-based
hydrogen safety engineering process).
 The probabilistic approach shows that the risk of a given event occurring is acceptably low, e.g.
equal or below the established risk for similar existing systems.
If none of the trial designs developed by the QDR team satisfies the specified acceptance criteria, QDR and
quantification process should be repeated until a hydrogen safety strategy satisfies acceptance criteria
and other design requirements. Several options can be considered when re-conducting QDR following the
existing recommendations: development of additional trial designs; adoption of the more discriminating
design approach, e.g. using deterministic techniques instead of a comparative study; re-evaluation of
design objectives, e.g. if the cost of hydrogen safety measures for property loss prevention outweighs the
potential benefits. When a satisfactory solution has been identified, it should be fully documented.
Depending on the particularities and scope of the hydrogen safety engineering study, the reporting of the
results and findings could contain the following information:
 Objectives of the study.
 Description of the hydrogen system/process/infrastructure.
 Results of the QDR.
 Quantitative analysis, including assumptions; engineering judgments; calculation procedures;
validation of methodologies; sensitivity analysis, etc.
 Assessment of analysis results against criteria.
 Conclusions: hydrogen safety strategy; engineering solutions; management requirements; any
limitations on use, etc.
 References, e.g. drawings, design documentation, technical literature, etc.
To simplify the evaluation of a hydrogen safety engineering design, the quantification process can be
broken down into several technical sub-systems (TSSs). The following requirements should be accounted
for the development of individual TSS:
 TSS should together, as reasonably as possible, cover all possible aspects of hydrogen safety
engineering.
17
 TSS should be balanced between their uniqueness or capacity to be used individually and their
complementarities and synergies with other TSSs.
 TSS should be a selection of state-of-the-art in the particular field of hydrogen safety, validated
engineering tools, including empirical and semi-empirical correlations and contemporary tools
such as validated CFD and FEM models.
 TSS should be flexible to allow the update of existing or use of new appropriate and validated
methods, reflecting recent progress in hydrogen safety science and engineering.
The following TSSs can be considered:

 Initiation of release and dispersion.
 Ignitions and extinction, e.g. flame blow-off with reduction of pressure in the storage due to
blowdown.
 Deflagrations, a transition from deflagration to detonation (DDT), and detonations.
 Fires.
 The blast wave, fireball and projectiles after hydrogen storage tank rupture in a fire.
 Safety strategies, including prevention and mitigation techniques.
 Emergency services intervention.
Practically all TSS should include consideration of both pressure and thermal effects that harm people and
damage property and the environment.
Hydrogen safety engineering is a powerful tool for the provision of hydrogen safety by qualified specialists
in the growing market of hydrogen systems and infrastructure. Last but not least, hydrogen safety
engineering can secure a high level of competitiveness for hydrogen and fuel cell technologies.
4.3 Examples of best practices in hydrogen safety engineering
The safety plan is expected to incorporate best practices in hydrogen safety engineering, including well-
established safety principles. Examples of such best practices are presented and shortly described in this
section.
Best practice or safety principles are presented along with prototypical sequences of events characterising
an accident with a flammable gas like hydrogen. The corresponding phenomena and consequences
diagram developed by the pre-normative research HyIndoor project and included in the project guidelines
is shown in Figure 4-2. It is focused on scenarios with the use of hydrogen in an enclosure. Scenarios in
closed rooms are more critical than scenarios in open spaces and cover conservatively those cases. The
quantitative assessment of hazards of these phenomena and their consequences can represent a central
part of a safety review (or ISV), safety assessment or hydrogen safety engineering.
18
Figure 4-2: Phenomena and consequences diagram for indoor use of hydrogen.
White boxes in Figure 4-2 represent various phenomena, starting with the development of hydrogen leak,
and Grey boxes show potential consequences. Note that even if no immediate ignition has occurred (lower
branch), a subsequent chain of events can lead to delayed ignition leading to a transition to the upper
branch, as indicated by the arrow in circle pictograms.
The example of a prototypical gas explosion, contained in the lower part of Figure 4-2, is shown
additionally as an escalating event in Figure 4-3. Best safety practices recommend either to remove or at
least limit the effects of essential elements in this chain of events (represented as blocks in Figure 4-3) or
introduce barriers at the transitional stages (represented as red vertical bars in Figure 4-3). Acting on a
single block can reduce the hazards and associated risks, limit the consequences or even prevent an
accident. However, the earlier the escalation path is interrupted by a barrier (the further to the left in
Figure 4-3 we are), the more efficient and cost-effective is the prevention/mitigation safety system.
It should be noted that even if the escalation may be stopped successfully at an early stage, certain hazards
still will exist (see again Figure 4-2). A comparatively small unignited release or a jet fire, for instance, will
not generate destructive explosion loads but still imply thermal loads that should be addressed to exclude
the “domino effect” in the development of the incident.
19
Figure 4-3: Example of escalation path in a gas explosion accident with potential barriers indicated as red
barriers.
Developed by the international hydrogen safety community, safety strategies and derived safety strategies
serve as hazard and associated risk-reducing measures on the various elements of the chain of events. The
list of several widely used safety strategies is presented in Table 4-1. The list is not exhaustive and the
development of innovative safety strategies and engineering solutions during the project delivery is
expected to further improve the competitiveness of the project outputs, make them inherently safer and
provide a level of life safety, property and environmental protection at least at the same level or higher
compared to existing fossil fuel technologies.
Table 4-1. The widely used safety principles/strategies and organisational measures.
No. Exemplars of safety principles/strategies
1 Limit hydrogen inventories, especially indoors, to what is technologically necessary.
2 Avoid/limit the formation of a flammable mixture, e.g. by using ventilation or reducing release size.
3 Carry out ATEX zoning analysis.
4 Combine hydrogen leak or fire detection and counter-measures.
5 Avoid ignition sources using proper materials or devices in different ATEX zones, remove electrical
systems where appropriate or provide electrical grounding, etc.
6 Avoid congestion. Reduce turbulence promoting flow obstacles in respective ATEX zones.
7 Avoid confinement. Place storage in the open if possible or use proper size openings in the enclosure.
8 Provide efficient passive barriers in case of active barriers deactivation for whatever reason.
9* Train and educate staff in hydrogen safety to establish a new hydrogen safety culture.
10* Report near misses and incidents to databases and include lessons learned in your documentation.
Note: * - organisational measures.
It should be noted that the ATEX regulations, which is referred to in safety strategies 3 and 5 and
highlighted also as one of the compulsory legal frameworks in Appendix 2, provides valuable guidance for
safety provisions. It is worth noting that the simple mentioning of named safety strategies in the draft
safety plan at the preparatory stage does not replace the need for comprehensive hydrogen safety
engineering within the project as appropriate for the project theme.
20
Some further best practices should account for the following issues, addressed in recent pre-normative
research. The following phenomena and systems should be included into consideration during carrying
out hydrogen safety engineering (description of mentioned below phenomena can be found elsewhere10):
 Hydrogen release and dispersion, including effects of confinement and ventilation system. It
should be taken into account that even unignited release could generate pressure loads, e.g. due
to the pressure peaking phenomenon. The hazard of asphyxiation during the release in a confined
space must be addressed. Frost bits by LH2 release has to be considered. An example of a safety
strategy for unignited release is the exclusion of the formation of flammable cloud/layer under a
ceiling of the enclosure, e.g. by a proper design of thermally activated pressure relief device (TPRD)
diameter and location. This can be implemented by using the thoroughly validated for both
expanded and under-expanded jets the similarity law.
 Ignition of hydrogen jet or hydrogen-air cloud, including the phenomenon of spontaneous ignition
of sudden hydrogen release by the so-called diffusion mechanism when heated by a shock air
interacts at the contact surface with expanding colder hydrogen. Ignition is associated with both
thermal and pressure effects.
 Hydrogen jet fire generates as well both thermal and pressure loads. This is valid for the open
space and especially pronounced in confined spaces. The free jet flame length for different
conditions of release, i.e. storage pressure and diameter of release, can be calculated by the
dimensionless correlation for flame length. Three hazard distances for free jet fires depend on
hydrogen flame length, LF, as: 𝑥=3.5LF for the “no-harm” hazard distance (70oC), 𝑥=3 LF for the
“pain” hazard distance (115oC, 5 min), and 𝑥=2 LF for the “fatality” hazard distance (third-degree
burns, 309oC, 20 s).
 Deflagration of turbulent hydrogen jet or flammable cloud generates pressure and thermal effects
too. One of the worst-case scenarios is a transition from deflagration to detonation (DDT). It
should be noted that while the venting technique is widely used to mitigate deflagrations and
correlations for vent sizing are available for both localised non-uniform and uniform hydrogen-air
deflagrations, this technique is not applicable to mitigate detonation.
 High-pressure hydrogen tank rupture in a fire is a “new” low-frequency high consequences
scenario to be addressed. Tools to calculate fireball size and blast wave decay are available now
both for the open atmosphere and in tunnels. The devastating consequences of tank rupture, i.e.
blast wave, fireball and projectiles must be prevented by all means. Different safety technologies
are available to prevent tank rupture. The burst of a pressurised vessel will lead to serious blast
loads even without a chemical reaction, which, as was recently proved, contributes to the blast
wave strength.
 The development of innovative safety strategies and engineering solutions is a constituent part of
hydrogen safety design. In most practical cases, especially confined spaces, the reduced models
have limited applicability and contemporary validated CFD and FEM models should be applied
along with the experimental studies to close still existing knowledge gaps and technological
bottlenecks in hydrogen safety.
Legal requirements and regulations, where they are available, must be accounted for in the safety plan
preparation. The statistics of incidents and failure probabilities for hydrogen technologies are not yet
available to the needed extent as for all emerging technologies. This makes the quantitative risk
assessment of hydrogen systems and infrastructure difficult if not impossible to carry out due to high
uncertainties. Thus, it is recommended to focus on the engineering of inherently safer systems, including
accounting for the safety principles and best practices, and demonstrate the progress beyond the state-
of-the-art rather than invest most of the intellectual and financial resources only in the risk assessment.
The hazards and associated risk assessment has to be carried out where appropriate and as required by
10
Fundamentals of hydrogen safety engineering, free download eBook, www.bookboon.com, 2012.
21
RCS. This showed account, as well, the best practices and new knowledge, e.g. described in research
papers relevant to the project topic.
4.4 Project safety documentation
During the project implementation, the following documentation on safety should be prepared,
maintained and updated as required.
Project safety documentation includes:
 Information about the technology of the project:
o A block flow diagram or simplified process flow diagram, PID (see Appendix 6. “Example of
Safety Plan”).
o Process chemistry if applicable.
o Maximum intended inventory of materials.
o Safe upper and lower limits for such items as temperatures, pressures, flows, and
concentrations.
o An evaluation of the consequences of deviations, including those affecting the safety and
health of personnel.
 Information about the equipment or apparatus:
o Materials of construction.
o Material and energy balances.
o Electrical classification.
o Pressure relief system design and design basis.
o Ventilation system design.
o Design codes and standards employed.
o Alternatives to the use of listed equipment.
o Safety check before starting.
 Map of ATEX zones, e.g. drawings of zones 0 and 1, is included in the installation plan when
justified.
 Safety systems, e.g. alarms, interlocks, detection or suppression systems.
 Procedures to follow in case of emergency. This should cover aspects like equipment shut down,
hydrogen isolation, activation, etc.
 Safety review documentation, including the ISV, hazards and associated risk assessment.
 Operating procedures, including response to deviation during operation.
 Material Safety Data Sheets.
 References such as handbooks and RCS.
 Siting issues (alternatives to required setbacks distances).
Safety documentation should be updated regularly to reflect changes to chemicals/other materials and
their quantities, equipment, technologies, and facilities.
Additionally, the safety plan should describe how the project safety documentation and the plan itself is
maintained, including who is responsible, where documents are kept, and how it is accessed by team
members. A one-page summary should be available on-site for easy consultation by the personnel
responsible for handling relevant equipment and systems.
22
5 EUROPEAN HYDROGEN SAFETY PANEL
In 2017, the FCH 2 JU launched the European Hydrogen Safety Panel (EHSP) initiative with the mission to
support the FCH 2 JU, both at the programme and project level, in assuring that hydrogen safety is
adequately managed, and to disseminate hydrogen safety knowledge and culture to all stakeholders,
including the general public. The EHSP members represent broad cross-sectoral and interdisciplinary areas
of expertise by comprising representatives from industry, research, academia and first responders.
The panel’s principal objective is to promote the inherently safer production, storage, handling and use of
hydrogen in different systems and infrastructure across all technologies and applications. The EHSP
contributes to this objective by:
 Supporting the development of annual and multi-annual work plans of FCH 2 JU.
 Guiding safety planning and implementation.
 Reviewing safety plans and project safety engineering solutions.
 Sharing and disseminating safety knowledge and best practices.
 Presenting safety as a priority for successful development, deployment and use of hydrogen
technologies.
 Participating in incident/accident investigations.
 Enlarging and analysing the HIAD 2.0 database, and summarizing lessons learnt.
 Reviewing the progress achieved in the field of hydrogen safety in the projects funded by FCH 2
JU.
The general EHSP approach is to focus on engagement, lessons learning from research and incident
investigation, dissemination of knowledge and discussions rather than audit or regulatory exercises. The
Panel is rather built on than duplicate the efforts of others, e.g. of standards development organisations
(SDOs) and the International Association for Hydrogen Safety (IA HySafe).
The EHSP aim is to assist project teams in developing inherently safer approaches to design, operation,
and maintenance of facilities that handle hydrogen through different mechanisms, e.g. guidance on the
safety plan preparation and implementation, thematical workshops, etc. Project reviews have the
advantage of helping the project to ensure their approaches and ideas of engineering designs are sound
in sense of technological safety and are informed by the state-of-the-art in hydrogen safety engineering.
Early design reviews provide more detail to consider, and opportunities to make technology improvements
before resources are spent on hardware for the installation, etc. It may also be beneficial to re-engage
with the EHSP even at later stages of the project to discuss unforeseen significant issues in the hazards
and associated risks assessment or safety features because of changes from early design.
The EHSP is committed to assist in this regard and can provide an independent view. However, it is highly
recommended that projects requiring professional knowledge in hydrogen safety include partner(s) with
relevant expertise not to jeopardise the quality of project outputs from the safety point of view.
Contact the EHSP via the
 EHSP Mailbox: EHSP@fch.europa.eu
 Website: http://www.fch.europa.eu/page/european-hydrogen-safety-panel
23
Appendix 1. Hydrogen safety terminology and abbreviations
Accident An unforeseen and unplanned event or circumstance causing loss or injury.

ACH Air changes per hour.
AFC Alkaline Fuel Cell. A low-temperature fuel cell in which the electrolyte is
potassium hydroxide (KOH) solved in water, where hydroxide ions (OH-) are
generated on the cathode and transported to the anode, where they oxidise
hydrogen and generate product water.
ATEX European Regulation related to explosive atmospheres (French „ATmospheres
EXplosives“), which is split into manufacturing and operational requirements.
AWP Annual Working Plan of the FCH 2 JU.
Barg Gauge pressure in bar.
Blast The rapid change in air pressure that propagates away from the region of an
or explosion. A sharp jump in pressure is known as a shock wave and a slow rise is
Blast wave known as a compression wave. Weak pressure waves propagate with the speed of
sound and shock waves always travel supersonically, i.e. faster than the speed of
sound. A blast wave is produced because the explosive event displaces the
surrounding air rapidly.
BLEVE Boiling Liquid Expanding Vapour Explosion.
Boiling point Temperature to which a fuel must be cooled to store and use as a liquid. The
normal boiling point (NBP) of a liquid is the case in which the vapour pressure of
the liquid equals the defined atmospheric pressure at sea level (1 atmosphere or
101325 Pa). The standard boiling point (SBP) is defined as the temperature at
which boiling occurs under a pressure of 1 bar (100000 Pa).
CCH2 Cryo-Compressed Hydrogen.
CFD Computational Fluid Dynamics.
CGH2 Compressed Gaseous Hydrogen.
(sometimes CH2)
CHP Combined Heat and Power. Also known as cogeneration, CHP is the use of a power
station to simultaneously generate both heat and electricity.
CNG Compressed Natural Gas.
CPD Continuous Professional Development.
Critical tube The minimum diameter of a tube that will allow a detonation to diffract and
diameter continue into a larger volume as a self-sustained detonation wave. If the tube is
(detonation) smaller than this diameter, the detonation wave will "fail" when it emerges from
the tube.
Critical Initiation This is the smallest amount of energy deposition that will cause the direct
Energy initiation of a detonation wave.
(detonation)
Critical point The critical point is composed of the critical temperature and critical pressure,
which are 33 K and 13 bar for hydrogen. Above the critical temperature, no
liquefaction might be achieved by pressurisation.
Cryogenic(s) Corresponds to temperatures below 120 K.
DDT Deflagration to Detonation Transition.
Deflagration and Deflagration and detonation are the propagation of a combustion zone at a
detonation velocity that is respectively less than and greater than the speed of sound in the
unreacted mixture.
24
Detonation A device, which can stop the progression of a detonation by imposing geometrical
arrestor constraints.
EHSP European Hydrogen Safety Panel.
Enthalpy The sum of the internal energy of matter and the product of its volume and
pressure. The units of enthalpy are Joules (J).
Entropy A measure of the amount of energy in a physical system that cannot be used to do
work. The units of entropy are Joules per Kelvin (J/K). An important law of physics,
the second law of thermodynamics, states that the total entropy of any isolated
thermodynamic system tends to increase over time, approaching a maximum
value.
Equivalence ratio The ratio of fuel to oxidizer divided by the same ratio at stoichiometric conditions.
Explosion The sudden release of energy generating a blast wave.
FA Flame acceleration.
FC Fuel Cell. A device that produces electricity through an electrochemical process,
usually from hydrogen and oxygen.
FCEV Fuel Cell Electric Vehicle. An electric vehicle that uses a fuel cell (in most cases a
sometimes also hydrogen fuel cell) for providing the main source of electricity for the drive train.
FCV
FCH 2 JU The Fuel Cells and Hydrogen 2 Joint Undertaking.
Fire point The fire point is the minimum temperature of a liquid at which the evaporation
rate is sufficient to sustain combustion.
Flame arrestor A device, which can stop the progression of a flame by extracting heat from the
combustion zone and combustion products.
Flame speed The speed with which a flame, possibly turbulent, appears to move relative to a
stationary observer. The flame speed can be much larger than the burning velocity
due to the expansion of the combustion products.
Flammability limits The range of pressure and temperature for which a flame propagation at a fixed
composition mixture is possible.
Flammability A range of concentrations between the lower and the upper flammability limits.
range
Flash point The minimum temperature at which the vapour above a liquid fuel will first
support a combustion transient or "flash" if an ignition source is applied.
FMEA Failure Mode and Effect Analysis is a standardised risk assessment method.
FRR Fire Resistance Rating. A measure of time for which a passive fire protection
system can withstand a standard fire resistance test, e.g. time from a standard fire
test start until rupture of a composite pressure vessel without TPRD (failed or
blocked TPRD) in the fire.
Fuel-air mass ratio The ratio of the mass of fuel to the mass of air in the reactants.
FTA Fault Tree Analysis is a standardised risk assessment method.
GH2 Gaseous Hydrogen.
H2 Hydrogen.
Harm Adverse effect on people, property or environment.
Hazard A potential source of harm (a chemical or physical condition that has the potential
for causing damage to people, property and the environment).
Hazard distance Hazard distance is a distance from the source of hazard to a determined (by
physical or numerical modelling, or by a regulation physical effect value (normally,
thermal or pressure) that may lead to a harm condition ranging from “no harm”
to “max harm” to people, property or environment.
Hazard zone An area where an explosive atmosphere might occur.
25
HAZID HAZard IDentification is a standardised ISV method.
HAZOP HAZard OPerability analysis is a standardised ISV method.
Heat of The energy that can be released by burning a unit amount of fuel; normally
combustion measured in J/kg of fuel.
HEV Hybrid Electric Vehicle. A vehicle combining a battery-powered electric motor with
a traditional internal combustion engine. The vehicle can run on either the battery
or the ICE or both simultaneously, depending on the performance objectives for
the vehicle.
HFS Hydrogen Filling Station.
HHV Higher Heating Value. The amount of heat released by a specified quantity of fuel
(initially at 25°C) once it is combusted and the products have returned to a
temperature of 25°C (condensed i.e. released latent heat of condensation). The
HHV of hydrogen is 141.88 MJ/kg.
HIAD 2.0 Hydrogen Incident and Accident Database initially developed by the NoE HySafe
(HIAD) and further maintained by JRC. HIAD 2.0 contains public data.
Hydrogen safety Application of scientific and engineering principles to the protection of life,
engineering property, and environment from adverse effects of incidents/accidents involving
hydrogen.
ISV Identification of Safety Vulnerabilities. Procedure for identification of potential
shortcomings in response to hazards.
Ignition delay time Time elapsed from the sudden increase in temperature until the ignition is
observed.
Incident An event that occurs casually in connection with something else and results in a
loss or injury or should have resulted in an emergency response.
Impinging jet A gas jet that hits a wall, ceiling, or obstacle.
ICE Internal Combustion Engine. An engine that converts the energy contained in fuel
inside the engine into motion by combusting the fuel. Combustion engines use the
pressure created by the expansion of combustion product gases to do mechanical
work.
Jet fire Fire of momentum-driven jet.
JRC Joint Research Centre of the European Commission.
Laminar burning Rate of flame propagation relative to the unburned gas that is ahead of it, under
velocity stated conditions of mixture composition, temperature, and pressure of the
unburned gas.
LFL Lower Flammability Limit. It is 4% by volume of hydrogen in air at normal pressure
and temperature conditions.
LHV Lower Heating Value. The amount of heat released by combusting a specified
quantity (initially at 25°C) and returning the temperature of the combustion
products to 150°C. The units of LHV are joules per kilogram (J/kg). The LHV of
hydrogen is 120 MJ/kg.
LH2 Liquefied Hydrogen or Liquid Hydrogen. Hydrogen in liquid form. Hydrogen can
exist in a liquid state, but only at extremely cold temperatures. Liquid hydrogen
typically has to be stored at 20 K (-253°C). The temperature requirements for
liquid hydrogen storage necessitate expending energy to compress and chill the
hydrogen into its liquid state.
LNG Liquefied Natural Gas. Natural gas in liquefied form. Pure natural gas (methane) is
a liquid at -162°C at atmospheric pressure.
LOC Loss Of Containment.
LOHC Liquid Organic Hydrogen Carrier.
26
LPG Liquefied Petroleum Gas. Any material that consists predominantly of any of the
following hydrocarbons or mixtures of hydrocarbons: propane, propylene, normal
butane, isobutylene, and butylene. LPG is usually stored under pressure to
maintain the mixture in the liquid state.
MAWP Multi-Annual Working Plan.
MEA Membrane Electrode Assembly.
MCFC Molten Carbonate Fuel Cell. A type of fuel cell that contains a molten carbonate
electrolyte. Carbonate ions (CO3--) are transported from the cathode to the anode.
Operating temperatures are typically near 650°C.
MIE Minimum Ignition Energy. The minimum value of the electric energy, stored in the
discharge circuit with as small a loss in the leads as possible, which (upon discharge
across a spark gap) just ignites the quiescent mixture in the most ignitable
composition. For a given mixture composition, the following parameters of the
discharge circuit must be varied to get the optimum conditions: capacitance,
inductivity, charging voltage, as well as shape and dimensions of the electrodes
and the distance between electrodes.
MPa Mega Pascal (106 N/m2 = 10 bar).
MR Mixed Refrigerant.
MSEG Maximum Safe Experimental Gap. A flame can be initiated in the flammable
atmosphere even when the height of a channel or gap connecting the two
hemispheres of the ignition chamber with the flammable atmosphere beyond the
chamber is smaller than the laminar flame quenching diameter.
Near-miss An event that, under slightly different circumstances, could evolve in an incident
or an accident.
NGV Natural Gas Vehicle.
NIST National Institute of Standards and Technology.
Nm3/h Normal cubic meters per hour.
NoE Network of Excellence.
NTP Normal Temperature and Pressure. NTP conditions are: temperature 293.15 K and
pressure 101.325 kPa.
Overpressure The pressure more than the ambient pressure, which is created by an explosion,
for instance.
PAFC Phosphoric Acid Fuel Cell. A type of fuel cell in which the electrolyte consists of
concentrated phosphoric acid (H3PO4). Protons (H+) are transported from the
anode to the cathode. The operating temperature range is generally 160-220°C.
PAR Passive Autocatalytic Recombiners. A system, where the reaction of premixed
hydrogen and oxygen, air respectively, is promoted at low temperatures on a
surface coated with catalytic material (typically Pt or Pd). As the reaction starts
well below LFL only a little heat is released. Note: recombiner could be a source of
ignition for higher concentrations of hydrogen.
PEM Polymer Electrolyte Membrane, sometimes also Proton Exchange Membrane, is a
solid polymer membrane used in corresponding fuel cells and electrolysers as a
solid electrolyte. The membrane is conducting protons (H+) and therefore
represents an acidic medium.
Permeation Movement of atoms, molecules, or ions into or through a porous or permeable
substance.
PGM Platinum Group Materials.
PHEV Plugin Hybrid Electric Vehicle.
27
PEMFC sometimes Polymer Electrolyte or Proton Exchange Membrane Fuel Cell. A type of acid-based
also PEFC fuel cell in which the transport of protons (H+) from the anode to the cathode is
through an electrolyte made from a solid polymer.
PSA Pressure Swing Adsorption. A special method for purifying gases.
QDR Qualitative Design Review.
QRA Quantitative Risk Assessment.
QRM Qualitative Risk Matrix.
Quenching This is the cessation of combustion due to either heat transfer and mass transfer
to the surface or aerodynamics effects like strain fields and rapid mixing.
Quenching A characteristic length scale associated with laminar flame quenching during
Distance propagation in a narrow channel or tube.
RA Risk Assessment.
RCS Regulations, Codes and Standards.
Regulation A legal, mandatory requirement.
Risk Risk is the technical (quantitative) aspect of safety, normally expressed as the
product of the probability of a hazard to realise and its associated damage
RPT Rapid Phase Transition.
RTA Road Traffic Accident.
Safety Freedom from unaccepted risks.
Safety distance Distance to acceptable risk level or minimum risk-informed distance between a
hazard source and a target (human, equipment, or environment), which will
mitigate the effect of a likely foreseeable incident and prevent a minor incident
from escalating into a larger incident.
Note: The term ‘safety distance’ may also be referred to as “safe distance,”
“separation distance,” or “setback distance”.
Safety plan A structured and documented approach to address safety issues in a project
Setback distance see Safety distance
Separation see Safety distance
distance
SOFC Solid Oxide Fuel Cell. A type of fuel cell in which the electrolyte is a solid,
nonporous metal oxide, typically zirconium oxide (ZrO2) treated with Y2O3, and O2
is transported from the cathode to the anode. Any CO in the reformate gas is
oxidized to CO2 at the anode. Temperatures of operation are typically 800-1000°C.
Standard A required (when referred by a regulation) or agreed level of quality or
attainment.
Stoichiometric The proportion of fuel and oxidizer that will result in complete combustion is
ratio known as a stoichiometric ratio.
TPRD Thermally Activated Pressure Relief Device.
Thermal The intensive property of a material that indicates its ability to conduct heat. The
conductivity units of thermal conductivity are typically Watts per meter and Kelvin (W/m/K).
Hydrogen shows relatively high thermal conductivity.
UFL Upper Flammability Limit (75% vol hydrogen in air at normal pressure and
temperature).
Under-expanded A gas jet with pressure at the real nozzle exit above the atmospheric pressure.
jet
VCE Vapour Cloud Explosion.
Vented Deflagration mitigation by venting technique. Can be used to mitigate deflagration
deflagration effects but cannot be used to “mitigate” detonation.
28
Appendix 2. Applicable Regulations, Codes and Standards
Legal framework
Handling flammable, compressed, or cryogenic substances may be dangerous not only for the person
doing it but also for others or society as a whole. Industrialisation brought about not only much larger
amounts of such substances used for processes of all kinds but also a more complex structure of the society
which is more vulnerable to technical problems. Therefore, for the last two centuries more or less all
countries (or their provinces or communities) issued legal requirements or regulations to guarantee a
minimum level of safety for human life and health as well as for material values. The increasing safety
demands of the modern citizen towards the society, new technologies (nuclear, genetic) as well as new
threats (terrorism, pollution) cause an ever-increasing refinement of those rules.
Regulations and standards
A regulation is a statutory text at the local, national, regional, or international e.g. United Nations level
which is imposed by a legal authority. It usually states minimum safety requirements that are written and
adopted by legislative bodies, to regulate a particular kind of activity.
Legal requirements are intended to ensure that a product or system or infrastructure or activity will not
impact human safety/health, property or the environment.
A standard as discussed here is a document, established by consensus and approved by a recognised
standardisation body e.g. ISO, IEC, CEN, CENELEC, BSI etc. that provides, for common and repeated use,
rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum
degree of order in a given context. An international standard is a standard developed and adopted by an
international standardisation organisation (like ISO or CEN) and made available to the public.
Many countries have their national standard body, like PKN, DIN, BSI, AFNOR, etc. The general
globalisation and the progressing economic integration of the EU member states affect that national
standards more and more lose their importance in favour of international ones, which are developed in
collaboration of international experts and then adopted nationally.
The application of a standard is not mandatory unless a regulation refers to that standard. Even then, the
legal power comes from the regulation, not from the standard.
Role and distinction
Though standards and regulations are frequently mentioned together it should be remembered that they
are two fundamentally different concepts. While regulations are mandatory for everybody in its domain,
standards are not always mandatory. Standards facilitate the trade and use of goods or services and are
developed mainly by industrial bodies. Their main role is to make components or services fit together:
pressure cylinders with valves, valves with regulators and further equipment leading the gas to the place
of use. This, however, also involves safety issues, and so there is of course an interface with regulations,
which are expected to be developed mainly by public bodies.
As shown in Figure A2-1, the main difference between regulations and codes and standards lies in their
legal power. Regulations have legally compelling power, whereas standards have not. Standards are a
useful instrument for organisations or interest groups dealing with standardised technology and
facilitating international trade.
29
+
L
e
v
e
Mandatory l
Regulations o
(Directives, Codes, …) f
i
m
Standards p
o
r
Useful t
a
n
Guidelines/ Codes of practice c
e
-
Figure A2-1: Hierarchy of Regulations, Standards and Codes.
The following table highlights the most important characteristics of legal requirements and standards.
Table A2-1. Legal requirements versus standards.
Regulations Standards
Protection of the public, the environment,
Facilitation of the free exchange of goods and
Purpose employees, material values etc. from damage
services
or danger
Legislative bodies, governments, or other Free agreement by those parties which are
political bodies; sometimes technical expert interested in such a standard (unless it is
Source
committees under the supervision of the mentioned in Regulations when a standard
former becomes mandatory)
Usually not mandatory, but may be referenced
Legal Law, ordinance or otherwise mandatory
in regulation (then is mandatory) or considered
role instruments
as acceptable practice in court
EU legislation
European laws, such as Directives or Regulations, prevail over national laws. To carry out their task and
following the provisions of the Treaty establishing the European Community (the EC Treaty), the
Parliament acting jointly with the Council, the Council and the Commission make regulations and issue
directives according to Art. 249 of the EC Treaty.
A directive shall be binding, as to the result to be achieved, upon each Member State to which it is
addressed, but shall leave to the national authorities the choice of form and methods (national
transcription).
A regulation shall have general application. It shall be binding in its entirety and directly applicable in all
Member States. The EU has, for example, a regulation for the type approval of hydrogen vehicles:
COMMISSION REGULATION (EU) No 406/2010 of 26 April 2010 implementing Regulation (EC) No 79/2009
of the European Parliament and of the Council on type-approval of hydrogen-powered motor vehicles.
Requirements for products and operational requirements are strictly separated in EU legislation since they
belong to different political objectives and are governed by different articles of the EU treaty
30
Hydrogen gas regulations
Regulations in the EU generally deal with procedures and processes, not so much with individual
substances. Substance specific regulations exist only if the substance has quite specific and important
dangerous properties of its own (like acetylene or oxygen) or if it is of such economic importance that a
specific body of rules makes sense.
Neither is true for hydrogen. Hydrogen is a flammable gas lighter than air, which is not uncommon. There
are many other gases like this in extensive use. And even though it is an important substance in the
chemical industry its economic importance cannot be compared at the moment with that of e.g. natural
gas. This means that guidance for handling hydrogen must be sought by looking up the regulations for
what somebody wants to do with hydrogen. Then the general rules must be applied to the specific
application.
EU directives relevant for hydrogen
Apart from the directives of the EU listed below, there are also other regulations from other sources.
International transport of dangerous goods is dealt with in several international agreements which
comprise ADR (road), RID (rail), IMO (sea) and ADNR (inland waterways). Air traffic is cared for by IATA and
ICAO. For making sure that motor vehicles can be used internationally there are different provisions; some
of them involves the UN ECE, e.g. Regulation 134 for hydrogen vehicles.
Despite the European directives, there are also European regulations. European regulations need – in
contrast to European directives - no national implementation for becoming legally binding. An example of
this is the COMMISSION REGULATION (EU) No 406/2010 and the UN ECE Regulation 134, both relevant for
hydrogen vehicles.
ATEX directive 99/92/EC
ATEX directive 99/92/EC is relative to minimum requirements for improving the safety and health
protection of workers potentially at risk from explosive atmospheres (ATEX).
Hydrogen is a flammable gas that can form an ATEX where mixed with air (such an ATEX is defined by the
directive as a mixture in which, after ignition occurred, combustion spreads to the entire unburned
mixture).
So, any employer who runs facilities, where hydrogen is processed in, shall comply with the requirements
of the directive, because his workers are potentially at risk from the effects of explosions which may be
produced by the ignition of an ATEX which can be formed.
A place in which an ATEX may occur in such quantities as to require special precautions to protect the
health and safety of the workers concerned is deemed to be hazardous within the meaning of this
directive.
The employer shall classify hazardous places where ATEX's may occur into zones based on the frequency
and duration of the occurrence of an ATEX and under the following definition:
 Zone 0: a place in which an ATEX is present continuously or for long periods or frequently.
 Zone 1: a place in which an ATEX is likely to occur in normal operation occasionally.
 Zone 2: a place in which an ATEX is not likely to occur in normal operation but, if it does occur, will
persist for a short period only.
Where necessary, places, where ATEX's may occur in such quantities as to endanger the health and safety
of workers, shall be marked with the underneath sign at their points of entry.
ATEX directive: 2014/34/EU
This directive applies to equipment and protective systems intended for use in potentially explosive
atmospheres. It also applies to controlling devices and regulating devices intended for use outside
31
potentially explosive atmospheres but required for or contributing to the safe functioning of equipment
and protective systems concerning the risks of explosion are also covered by the scope of this directive.
Both ATEX directives are interrelated. Equipment from certain categories according to 2014/34/EU can be
used in certain zones defined according to 99/92/EC but is forbidden in others.
Pressure vessels regulation (stationary)
The PED (Pressure Equipment Directive – 97/23/EC of the European Parliament and of the Council of 29
May 1997 on the approximation of the laws of the Member States concerning pressure equipment) is
applicable in Europe since December 1999 and mandatory since the end of May 2002.
It applies to all stationary vessels with a service pressure of more than 0.5 bar and a volume of more than
50 litres.
In the case of hydrogen energy applications, it is particularly relevant for all pressure vessels (cylinders)
and safety accessories (valves, flexible hoses, connectors) used for hydrogen fuelling station.
This pressure equipment directive allows using the same design for the pressure vessels and associated
accessories everywhere in the EU.
Since this directive is mandatory in Europe, several “Notified Bodies” have been notified to Brussels by the
authorities of each EU member state. These notified bodies can make the “evaluation of conformity” of
the pressure equipment; this evaluation is confirmed by the “CE” mark applied onto the equipment. Any
notified body (from every country) can approve a CE marked equipment to be used in every country of the
EU.
This directive only defines the “essential requirements” which are given in its Annex 1. Detailed
requirements are given in the harmonized standards (e.g. prepared by CEN). These EN-Standards are not
mandatory, other procedures or “state of the art” can be used by the manufacture to demonstrate to the
notified body that the essential requirements are fulfilled.
This European directive doesn’t cover the use of the equipment (operational requirement, periodic
inspection,) which are still under national regulations. This may create difficulties if such equipment is to
be moved from one country to another.
Regulations for the Transport of Dangerous Goods
The transport of dangerous goods is at least internationally in most cases worldwide harmonised and
regulated. The basis for this is the UN Model Regulations, the so-called Orange Book. It is published every
two years by the UN ECOSOC (Geneva) and leads to subsequent changes in the relevant transport
regulations for land, sea and air mode.
Despite this, the perspective of a European user or consignor of hydrogen or other gases is different. There,
the basis is the rules for the national implementation of the European directive TPED. The TPED (The
Council Directive 1999/36/EC on transportable pressure equipment) applies to transportable pressure
equipment and is mandatory since July 1st, 2003 for gas cylinders. It will also apply soon to bundles, drums
and trailers (July 1st, 2005 optional and July 1st, 2007 mandatory). ). Since 2009 the UN ECE regulations
for the European land transport RID/ADR contain a lot of details that had been part of the 1999/36/EC the
TPED was revised and substituted by the Transportable Pressure Equipment Directive 2010/35/EU
(TPED) in 2010.
In the case of hydrogen energy applications, it is particularly relevant for the transport of hydrogen to the
fuelling stations. It is also applicable to hydrogen pressure tanks used on the vehicle when these tanks are
removable, refilled independently from the vehicle and transported to hydrogen depots. The on-board
storage of gases as a propellant in permanently mounted systems is not part of transport regulations. This
is part of the approval of the vehicles.
32
This directive defines the procedural requirements for European conformity assessment and relevant
responsibilities and refers to the ADR/RID concerning the technical requirements.
ADR/RID is the transport regulation by road (ADR) and rail (RID) for Europe and many other countries
around. TPED refers to “Class 2” (gases), ADR/RID covering also other dangerous substances.
EN (and ISO) standards are referred into the ADR/RID and give presumption of conformity to ADR/RID but
normally other routes complying with the technical requirements of ADR/RID can be followed.
Contrary to the PED, TPED also covers the use of the equipment including periodic inspection and any
other operational requirement. Consequently, it provides full harmonization in Europe. It also allows to
“reassess” old national equipment to transform them into “” equipment.
Since the distribution of very most hydrogen takes place on road or rail, in some cases over the sea or by
air transport, the standards developed or under improvement of CEN TC 23 and ISO TC 58 are very valid
for hydrogen. The most important standards that have been referenced in relevant transport regulations
are listed here:
 ISO 11114-1:2020 Gas cylinders — Compatibility of cylinder and valve materials with gas
contents — Part 1: Metallic materials
 ISO 16148:2016 + Amd 1:2020 Gas cylinders — Refillable seamless steel gas cylinders and tubes
— Acoustic emission examination (AT) and follow-up ultrasonic examination (UT) for periodic
inspection and testing — Amendment 1
 ISO 9809-1:2019 Gas cylinders — Design, construction and testing of refillable seamless steel gas
cylinders and tubes — Part 1: Quenched and tempered steel cylinders and tubes with tensile
strength less than 1 100 MPa
 ISO 9809-2:2019 Gas cylinders – Design, construction and testing of refillable seamless steel gas
cylinders and tubes – Part 2: Quenched and tempered steel cylinders and tubes with tensile
strength greater than or equal to 1 100 MPa
 ISO 9809-3:2010 Gas cylinders – Refillable seamless steel gas cylinders – Design, construction
and testing – Part 3: Normalized steel cylinders
 ISO 9809-3:2019 Gas cylinders — Design, construction and testing of refillable seamless steel gas
cylinders and tubes — Part 3: Normalized steel cylinders and tubes
 ISO 7866: 2012+ Cor 1:2014 Gas cylinders – Refillable seamless aluminium alloy gas cylinders –
Design, construction and testing
 ISO 11119-1:2012 Gas cylinders – Refillable composite gas cylinders and tubes – Design,
construction and testing – Part 1: Hoop wrapped fibre reinforced composite gas cylinders and
tubes up to 450 l Until further notice
 ISO 11119-2:2012+ Amd 1:2014 Gas cylinders – Refillable composite gas cylinders and tubes –
Design, construction and testing – Part 2: Fully wrapped fibre reinforced composite gas cylinders
and tubes up to 450 l with load-sharing metal liners
construction and testing – Part 3: Fully wrapped fibre reinforced composite gas cylinders and
tubes up to 450 l with non-load-sharing metallic or non-metallic liners
 ISO 11119-4:2016 Gas cylinders – Refillable composite gas cylinders – Design, construction and
testing – Part 4: Fully wrapped fibre reinforced composite gas cylinders up to 150 l with load
sharing welded metallic liners
 ISO 11120:2015 Gas cylinders – Refillable seamless steel tubes of water capacity between 150 l
and 3 000 l – Design, construction and testing Until further notice
construction and testing – Part 1: Hoop wrapped fibre reinforced composite gas cylinders and
tubes up to 450 l
33
 ISO 11119-2:2012 + Amd 1:2014 Gas cylinders – Refillable composite gas cylinders and tubes –
Design, construction and testing – Part 2: Fully wrapped fibre reinforced composite gas cylinders
and tubes up to 450 l with load-sharing metal liners
construction and testing – Part 3: Fully wrapped fibre reinforced composite gas cylinders and
tubes up to 450 l with non-load-sharing metallic or non-metallic liners
 ISO 11515:2013 + Amd 1:2018 Gas cylinders – Refillable composite reinforced tubes of water
capacity between 450 l and 3000 l – Design, construction and testing
 ISO 16111:2018 Transportable gas storage devices – Hydrogen absorbed in reversible metal
hydride
 ISO 10961:2019 Gas cylinders – Cylinder bundles – Design, manufacture, testing and inspection
 ISO 11114-1:2012 + A1:2017 Gas cylinders – Compatibility of cylinder and valve materials with
gas contents – Part 1: Metallic materials ISO 11114-2:2013 Gas cylinders – Compatibility of
cylinder and valve materials with gas contents – Part 2: Non-metallic materials
 ISO 11117:2019 Gas cylinders – Valve protection caps and guards – Design, construction and
tests Until further notice
 ISO 10297:2006 Gas cylinders – Refillable gas cylinder valves – Specification and type testing
 ISO 10297:2014 + A1:2017 Gas cylinders – Cylinder valves – Specification and type testing;
 ISO 14246:2014 + A1:2017 Gas cylinders – Cylinder valves – Manufacturing tests and
Examinations
 ISO 17871:2020 Gas cylinders – Quick-release cylinder valves – Specification and type testing.
 ISO 17879:2017 Gas cylinders – Self-closing cylinder valves – Specification and type testing
hydride
 ISO 6406:2005 Seamless steel gas cylinders – Periodic inspection and testing
 ISO 18119:2018 Gas cylinders – Seamless steel and seamless aluminium-alloy gas cylinders and
tubes – Periodic inspection and testing
 ISO 10461:2005/A1:2006 Seamless aluminium-alloy gas cylinders – Periodic inspection and
testing
 ISO 11623:2015 Gas cylinders – Composite construction – Periodic inspection and testing
 ISO 22434:2006 Transportable gas cylinders – Inspection and maintenance of cylinder valves
 ISO 20475:2018 Gas cylinders – Cylinder bundles – Periodic inspection and testing
hydride
For European land transport, there are a lot more CEN standards referenced for containments that are
acceptable for the transport of hydrogen, which are not presented here. In addition, there are several CEN
and ISO standards under development or already published but in the process of getting referenced in
regulations, like e.g. the EN 17339: 2020 Transportable gas cylinders - Fully wrapped carbon composite
cylinders and tubes for hydrogen.
Machinery directive: 2006/42/EG
This directive applies to machinery. It shall also apply to safety components placed on the market
separately.
Pressure vessel directive: 2014/68/EU
This directive applies to the design, manufacturing and evaluation of CE conformity of pressurised
equipment or set of equipment that work under a pressure above 0.5 bar.
34
Low voltage directive: 2014/35/EU
For the purposes of this directive "electrical equipment" means any equipment designed for use with a
voltage rating of between 50 and 1000 Volt for alternating current and between 75 and 1500 Volt for direct
current.
Electromagnetic compatibility directive: 2014/30/EU
This directive applies to apparatus liable to cause electromagnetic disturbance or the performance of
which is liable to be affected by such disturbance.
It defines the protection requirements and inspection procedures relating thereto.
Hydrogen standards related to hydrogen
Hydrogen technology makes sense only when it is applied globally. For this reason, it is quite natural that
standards for using hydrogen energy are also global. They are made by global standardization bodies (ISO,
IEC) or regional ones (CEN, CENELEC).
For ISO the Technical Committee 197 “Hydrogen Technologies” has the leading role for standards
development in the field. It cooperates closely with IEC TC 105 “Fuel Cells”, CEN/CENELEC/JTC6 “Hydrogen
in Energy Systems”, etc.
Four technical committees (TC) of the International Organization for Standardization (ISO) produce
standards relevant to hydrogen and fuel cell technologies, systems, and infrastructure.
ISO/TC 197 “Hydrogen Technologies” list of standards includes:
 ISO 13984:1999. Liquid hydrogen — Land vehicle fuelling system interface;
 ISO 13985:2006. Liquid hydrogen. Land vehicle fuel tanks;
 ISO 16110-1:2007 Hydrogen generators using fuel processing technologies - Part 1: Safety;
 ISO 16110-2:2010. Hydrogen generators using fuel processing technologies — Part 2: Test
methods for performance;
 ISO 16111:2018. Transportable gas storage devices — Hydrogen absorbed in reversible metal
hydride;
 ISO 26142:2010. Hydrogen detection apparatus. Stationary applications;
 ISO 17268:2020. Gaseous hydrogen land vehicle refuelling connection devices;
 ISO 19880-1:2020. Gaseous hydrogen. Fuelling stations. General requirements;
 ISO 19880-3:2018. Gaseous hydrogen. Fuelling stations. Valves;
 ISO 19880-5:2019. Gaseous hydrogen. Fuelling stations. Dispenser hoses and hose assemblies;
 ISO 19880-8:2019. Gaseous hydrogen. Fuelling stations. Fuel quality control;
 ISO 19881:2018. Gaseous hydrogen. Land vehicle fuel containers;
 ISO 19882:2018. Gaseous hydrogen. Thermally activated pressure relief devices for compressed
hydrogen vehicle fuel containers;
 ISO 14687:2019. Hydrogen fuel quality — Product specification;
 ISO 22734:2019. Hydrogen generators using water electrolysis — Industrial, commercial, and
residential applications;
 DD ISO/TS 15869:2009. Gaseous hydrogen and hydrogen blends. Land vehicle fuel tanks;
 DD ISO/TS 20100:2008. Gaseous hydrogen. Fuelling stations;
 ISO/TR 15916:2015. Basic considerations for the safety of hydrogen systems;
 ISO/TS 19883:2017. Safety of pressure swing adsorption systems for hydrogen separation and
purification;
 ISO/DIS 19884: Gaseous hydrogen -- Cylinders and tubes for stationary storage, etc.
35
ISO/TC 22 “Road vehicles” issued the following relevant standards:
 ISO 23273-2:2013 Fuel cell road vehicles - Safety specifications - Part 2: Protection against
hydrogen hazards for vehicles fuelled with compressed hydrogen;
 ISO 23828:2013. Fuel cell road vehicles - Energy consumption measurement - Vehicles fuelled with
compressed hydrogen;
 ISO/TR 11954:2008. Fuel cell road vehicles - Maximum speed measurement; etc.
ISO/TC 58 “Gas cylinders” published the following standards:
 ISO 11114-1:2020. Gas cylinders - Compatibility of cylinder and valve materials with gas contents
- Part 1: Metallic materials;
- Part 2: Non-metallic materials;
- Part 3: Autogenous ignition test for non-metallic materials in an oxygen atmosphere;
 ISO 11114-4:2017. Transportable gas cylinders - Compatibility of cylinder and valve materials with
gas contents - Part 4: Test methods for selecting steels resistant to hydrogen embrittlement;
 ISO/CD 11114-5 (under development). Gas cylinders - Compatibility of cylinder and valve materials
with gas contents - Part 5: Test methods for selecting plastic liners;
 ISO/TR 13086-1:2011. Gas cylinders - Guidance for design of composite cylinders — Part 1: Stress
rupture of fibres and burst ratios related to test pressure;
 ISO/TR 13086-2:2017. Gas cylinders - Guidance for design of composite cylinders - Part 2: Bonfire
test issues;
 ISO/TR 13086-3:2018. Gas cylinders - Guidance for design of composite cylinders - Part 3:
Calculation of stress ratios;
 ISO/TR 13086-4:2019. Gas cylinders - Guidance for design of composite cylinders - Part 4: Cyclic
fatigue of fibres and liners;
 ISO/TS 17519:2019. Gas cylinders - Refillable permanently mounted composite tubes for
transportation;
 ISO 18172-1:2007. Gas cylinders — Refillable welded stainless steel cylinders — Part 1: Test
pressure 6 MPa and below;
 ISO 18172-2:2007. Gas cylinders — Refillable welded stainless steel cylinders — Part 2: Test
pressure greater than 6 MPa;
 ISO/TR 19811:2017. Gas cylinders - Service life testing for cylinders and tubes of composite
construction;
 ISO 10961:2019. Gas cylinders - Cylinder bundles - Design, manufacture, testing and inspection;
 ISO 11623:2015. Gas cylinders - Composite construction - Periodic inspection and testing;
 ISO 11625:2007. Gas cylinders - Safe handling; ISO 20475:2018. Gas cylinders - Cylinder bundles -
Periodic inspection and testing;
 ISO 25760:2009. Gas cylinders - Operational procedures for the safe removal of valves from gas
cylinders; etc.
ISO/TC 220 on cryogenic vessels published several standards related to large transportable vacuum-
insulated vessels, gas/materials compatibility, and valves for cryogenic service, etc.
It is expected that activities on hydrogen standardization in Europe will be increasing due to the
establishment of CEN/CLC/JTC 6 “Hydrogen in energy systems”. European Committee for Standardization
(CEN) published:
 EN 17124:2018. Hydrogen fuel. Product specification and quality assurance. Proton exchange
membrane (PEM) fuel cell applications for road vehicles;
 EN 17127:2018. Outdoor hydrogen refuelling points dispensing gaseous hydrogen and
incorporating filling protocols.
36
Fuel cells detection and explosion protection are topics that are dealt with by IEC. Among the most
important standards published there are IEC EN 60079-10, 14, 17, and 19:
- IEC EN 60079-10 "Electrical apparatus for explosive gas atmospheres. Classification of hazardous
areas"
- IEC/EN 60079-14 "Electrical apparatus for explosive gas atmospheres. Classification of hazardous
areas"
- IEC/EN 60079-17 "Electrical apparatus for explosive gas atmospheres. Inspection and
Maintenance"
- IEC/EN 60079-19 "Electrical apparatus for explosive gas atmospheres. Repair"
Hydrogen relevant standards are not made only by one or a few committees, however. Since hydrogen
energy has relationships to many other fields, standards for pressure vessels, pipelines, gas quality etc.
must be taken into consideration as well.
37
Appendix 3. Known best practices to implement safety strategies
Table A3-1. Basic safety principles/strategies.
No. Safety strategy Example of best practices
1 Limit hydrogen inventories - Use of on-demand onsite production and/or small storage
especially indoors, to what containers,
is strictly necessary by - Store hydrogen outdoors, etc.
technology
2 Avoid or limit the - Apply hydrogen safety engineering, e.g. the similarity law, to
formation of a flammable exclude the formation of the flammable layer under a ceiling in
mixture case of a leak,
- Ensure system integrity, i.e. leak tightness,
- Avoid or control screwed connection of piping,
- Use small pipe diameters and flow restrictors, when possible,
- Exploit hydrogen buoyancy and natural ventilation as its main
safety asset,
- Use a mechanical ventilation system or inerting system if natural
ventilation does not suffice.
- Use the proper design of excess flow valves and discharge nozzles,
- Use catalytic recombiners where relevant (bear in mind that for
large release rates recombiners might be not suitable and that in
high hydrogen concentrations a recombiner could be an ignition
source), etc.
3 Carry out ATEX zoning Provide required documents for design and operation.
analysis
4 Combine leak detection - Use appropriate sensors and sensor locations,
and countermeasures - Monitor the processes,
- Combine emergency signals with appropriate measures,
- Use signals for ventilation management and shut-down of
electricity supply as relevant, etc.
5 Avoid ignition sources by - Use ATEX materials or equipment,
the use of proper materials - Avoid electricity, other flammable substances or hot surfaces in
or installations in the respective zones,
different ATEX zones - Provide proper grounding,
- Lightning protection in outdoor installations, etc.
6 Avoid congestion, reduce - Design piping, components, buildings accordingly
turbulence promoting flow - Remove unnecessary parts, etc.
obstacles in the respective
ATEX zone
7 Avoid confinement, - Install whenever possible your system in the open space,
promote openings for - Use the proper design of buildings, HVAC systems, e.g. NF EN
natural or mechanical 14994 April 2007,
ventilation or explosion - Avoid protective roofs and other construction elements, where
vents hydrogen might accumulate, etc.
8 Prefer passive barriers to - Increase distances,
active barriers - Use passive ventilation,
- Use passive autocatalytic recombiners (PAR) if no ignition by PAR
hazard,
- Use protective walls, safety glass,
- Use flame arrestors, deflagration vents as appropriate, etc.
38
9 Train and educate staff in - Do regular safety checks, reviews, internal audits,
hydrogen safety - Promote participation in hydrogen safety e-learning and CPD
courses, summer and other schools, higher education
programmes, etc.
10 Report near misses, - Use HIAD 2.0 or any other relevant database,
incidents and accidents - Update your safety plan on at least an annual basis,
- Inform staff and EHSP, etc.
These safety principles/strategies should be reflected in the safety plan, and in the process of identification
of safety vulnerabilities, hazards and associated risk assessment. However, they do not replace either
regulation, required risk assessment, or hydrogen safety engineering of system or infrastructure which can
resolve safety concerns not yet reflected in RCS. They allow stakeholders to take safety into account at all
stages of the system/process/ infrastructure design, deployment and operation.
In each specific situation, any deviation from these principles/strategies shall be discussed by a team that
includes but is not limited to a designer, manufacturer or operator, and person in charge of safety. This
person must take a firm stand on these principles but also be flexible in their application. Moreover, often
a compromise makes it possible to reach an efficient, economic and inherently safer solution.
Besides the principles presented above, project teams may also find the ISO/TR 15916:2015 “Basic
considerations for the safety of hydrogen systems” and the H2 Safety Best Practices11 to be useful
references for safety planning of hydrogen and fuel cell systems and infrastructure.
More specific safety guidelines and recommendations have been developed in several safety-related FCH
JU funded projects:
 HYPER: generated guidelines for permitting of small to medium-sized stationary systems,
 HyApproval: produced recommendations for the approval of hydrogen fuelling stations,
 HyIndoor: provided recommendations for safely using hydrogen in closed space
 HyFacts provides a framework for teaching basic issues for public authorities
 IDEALHY: provided safety assessment of LH2 production, transport and storage on a large scale
 HyResponse provides information for first responders
 SUSANA provides a framework for verification and validation for CFD to be used in risk assessment
 HySEA provides information on safe venting of standard containers accommodating hydrogen
technologies, etc.
11
https://h2tools.org/bestpractices
39
Appendix 4. Methods for identification of safety vulnerabilities,
hazards and risk assessment
Identification of safety vulnerabilities (ISV), hazards and risk assessment (RA) can be done using
any of the established, standardised industry methods. The methods shall help the project team
identify potential safety issues, discover ways to lower the probability of an occurrence and
minimise the associated consequences in an incident that could happen.
In applying one of the methods or any suitable combination of them, the project team should
always account for:
 All hazards.
 Previous incidents and near-misses.
 Engineering and administrative controls applicable to the hazards and their
interrelationships, e.g. the use of hydrogen detectors and emergency shutdown
capability.
 Mechanisms and consequences of failure of engineering and administrative controls.
 At least a qualitative evaluation of a range of the possible safety and health effects
resulting from the failure of controls.
 Facility location and general conditions of operation.
The ISV, hazards and RA should be performed by a team with sufficient expertise in all aspects of
the work to be performed. At least one team member should have experience and knowledge
specific to the set of processes, equipment, and facilities being evaluated. Also, one member of
the team needs to be knowledgeable in the specific ISV, hazards and RA methods being used.
Furthermore, it is recommended to include at least one member, who is an unbiased expert not
involved in the project directly and has in-depth education/training in hydrogen safety
engineering.
The sequence of methods presented in Table A4- implies increasing efforts in executing the
respective method.
Table A4-1. Overview of Identification of Safety Vulnerabilities and Risk Assessment Methods.
ISV, RA Method Description References
Checklist Analysis This qualitative method evaluates the  Appendix 5. Safety plan
project against existing guidelines using a checklist“
series of checklists. This technique is  EIGA Doc. 75/07
most often used to evaluate a specific Determination of Safety
design, equipment, or process, for which Distances
an organization has a significant amount of
experience.
“What If” Analysis, A speculative process where questions of  A barrier analysis of a
Structured “What If” the form "What if … (hardware, software, generic hydrogen refuelling
Technique (SWIFT) instrumentation, or operators) (fail, station; Markert, Engebo,
breach, break, lose functionality, reverse, Nielson 3rd ICHS
etc.)?" are formulated and reviewed. http://conference.ing.unipi.
Sometimes described as a light-weighted it/ichs2009/images/stories/
FMEA papers/185.pdf
40
Hazard HAZard IDentification (HAZID) is a well- Hazard Identification
Identification known and well-documented method. A Methods; Frank Crawley,
(HAZID) HAZID is a systematic assessment to Brian Tyler, IChemE
identify hazards and problem areas
associated with plant, system, operation,
design and maintenance. HAZID is used
both as part of a Quantitative Risk
Assessment (QRA) and as a standalone
analysis for i.e. installation, modification,
replacement, upgrading, reduction,
isolation, lifting.
Hazard and A qualitative method that systematically  Literature review by Jordi
Operability Analysis evaluates the causes and impact, Dunjó, Vasilis Fthenakis,
(HAZOP) consequences respectively, of deviations Juan A. Vílchez, Josep
using project information. The method Arnaldos,
was developed to identify both hazards https://doi.org/10.1016/j.jh
and operability problems at chemical azmat.2009.08.076.
process plants.  http://conference.ing.unipi.
Executing the method relies on using it/ichs2007/fileadmin/user_
guidewords (“such as”, “no”, “more”, upload/CD/PAPERS/11SEPT
“less” …) combined with process /4.1.294.pdf
parameters (e.g. temperature, flow,
pressure) that aim to reveal deviations
(such as less flow, more temperature) of
the process intention or normal operation.
Risk Matrix Binning A qualitative method that combines the Qualitative Risk Assessment
categorisation of probabilities and of Hydrogen Liquefaction,
consequences with risk acceptance Storage and Transportation,
categories in a matrix form. Sometimes the G. Hankinson and B.
results of an FMEA are displayed in a Risk Lowesmith
Binning Matrix.
Failure Modes and FMEA is a tool to systematically analyse all  https://en.wikipedia.org/wi
Effects Analysis contributing component failure modes and ki/Failure_mode_and_effec
(FMEA) identify the resulting effect on the system ts_analysis
The semi-quantitative method is  NASA Scientific and
essentially composed of the following Technical Information
steps: http://www.sti.nasa.gov/
 Define your system and the required FMEA for Hydrogen Fueling
level of analysis depth. Options
 Identify hazards and events http://conference.ing.unipi.
(potentially with an advanced it/ichs2007/fileadmin/user_
HAZOP) for related equipment, upload/CD/PAPERS/11SEPT
components, and processes /4.1.294.pdf
 Identify potential initiating failure
modes and effects for all
components and equipment and
potentially early detection
capabilities.
 Determine a risk priority number
(RPN).
41
 Agree on acceptable limits for the
RPN.
 In case, identify potential prevention
and mitigation corrective action and
re-evaluate RPN.
Fault Tree Analysis Fault Tree Analysis is a quantitative (with Application to a hydrogen
(FTA) regard to probabilities), deductive (top- pipeline in R. Gerboni,
down) method used for the identification E. Salvador, Hydrogen
and analysis of conditions and factors that transportation systems:
can result in the occurrence of a specific Elements of risk analysis
failure or undesirable event. This method
addresses multiple failures, events, and
conditions.
Event Tree Analysis This method is an inductive approach used http://conference.ing.unipi.
and Barrier Analysis to identify and quantify a set of possible it/ichs2005/Papers/220003.
outcomes. The analysis starts with an pdf
initiating event or initial condition and
includes the identification of a set of
success and failure events that are
combined to produce various outcomes.
This quantitative method identifies the
spectrum and severity of possible
outcomes and determines their likelihood.
Probabilistic Risk A Probabilistic Risk Assessment (PRA) is a A detailed description of
Assessment (PRA) technique where the “Probability” as a this method can be found in
measure of the evidence (or uncertainty) is Guidelines for Chemical
used. It is an organized as a process for Process Quantitative Risk
answering the following three questions: Analysis, Center for
 What can go wrong? Chemical Process Safety,
 How likely is it to happen? American Institute of
 What are the consequences? Chemical Engineers, 1999.
Quantitative Risk QRA is a method to quantify the risk. Risk Benchmark exercise on risk
Assessment (QRA) is the combination of the probability of an assessment applied to a
event and its consequence (ISO/IEC Guide hydrogen refuelling station
73). In other words, the risk is the http://conference.ing.unipi.
combination of the probability of it/ichs2009/images/stories/
occurrence of harm and the severity of papers/246.pdf
that harm (where harm is physical injury or Risk assessment
damage to the health of people or damage methodology for onboard
to property or the environment). hydrogen storage:
https://doi.org/10.1016/j.ij
hydene.2018.01.195
Hydrogen Safety Application of scientific and engineering Fundamentals of Hydrogen
Engineering principles to the protection of life, Safety Engineering (free
property and environment from adverse download eBook,
effects of incidents/accidents involving www.bookboon.com,
hydrogen. search “hydrogen”)
42
A comprehensive risk assessment requires safety vulnerability and hazard identification, risk quantification
and acceptance criteria. So, typically methods from the above table are combined and eventually extended
by state-of-the-art consequence modelling and risk acceptance criteria.
However, there are obvious limitations in the availability of probabilities, e.g. failure rates of system
elements, for emerging technologies such as hydrogen technologies. Real quantitative risk assessments
suffer from this gap. For critical cases, rather a deterministic approach should be taken, which tries to
identify credible worst-case scenarios and tries to mitigate and minimise the consequences to acceptable
levels.
The actual selection of methods should depend on the status of the project and the actual inventories of
hydrogen handled. It should be noted that identification of hazards and associated risks does not close
safety issues and proper hydrogen safety engineering of the system should be undertaken where
appropriate. The proposed methods are further detailed below.
Hazard and Operability Analysis (HAZOP)
The HAZOP technique is a structured and systematic examination of a product, process, procedure or an
existing or planned system. It is a qualitative technique for the identification of safety vulnerabilities and
hazards based on the combination of guide words and parameters of the system, process or product under
consideration. It answers the question of how design intent or operating conditions may fail to be achieved
at each step of the design process or technique. The guide words must always be appropriately selected
for the process which is analysed and additional guide words can be used.
Table A4-2. Guide word method in HAZOP (ISO 31010:2011).
The formal application of this procedure shall make sure that no potential deviation, hazard respectively,
is overlooked.
The figure below shows a very small excerpt from the results of a HAZOP conducted for the storage unit
in a hydrogen filling station. The excerpt focuses on the communication line between compressor and
storage vessel, labelled “Node P1” and deviations of the hydrogen flow rate parameter.
43
Figure A4-1: Example of a HAZOP result for one “node” of a hydrogen refuelling station (Source: RISK
ANALYSIS OF THE STORAGE UNIT IN A HYDROGEN REFUELLING STATION, M. Casamirra et al.).
The analysis was extended by considerations about cause, consequence and protection. This task might
be shifted rather to a dedicated FMEA.
Risk Binning Matrix
Risk binning is a semi-quantitative analysis tool used to classify vulnerabilities or risks in particular when
reliable statistics and probabilistic data is lacking. Each vulnerability can be assigned a qualitative risk using
a frequency-consequence matrix, such as the example shown below. The highest consequences are
generally assigned to events that could reasonably result in an unintended sudden release of large
hydrogen inventories, possibly associated with the failure of a pressure vessel, leading to the destruction
of equipment and/or facilities, fatalities or injury to people.
This qualitative risk analysis cannot be used for judgement of risk acceptance but could help to identify
the weak points in the technology, system, process or infrastructure that can be addressed by safety
engineering design.
The figure below and the respective consequence and likelihood categories are taken from a deliverable
of the IDEALHY project.
44
Figure A4-2: Example for a Qualitative Risk Matrix (QRM) binning of 60 events with 1093 cases for LH2
transport and storage at a refuelling station (Field colour green: Low Risk, yellow: Medium Risk, red: High
Risk).
The chosen likelihood categories are:

1: Extremely Unlikely (about 10-9 per year)
2: Unlikely (about 10-7 per year)
3: Possible (about 10-5 per year)
4: Very Possible (about 10-3 per year)
5: Probable (about 10-1 per year)
and the consequence categories:

1: Slight Effect (slight injury or health effect, no damage)
2: Minor Injury (minor injury or health effect, minor damage)
3: Major Injury (major injury or health effect, moderate damage)
4: Up to 3 fatalities (or permanent disability, major damage)
5: More than 3 fatalities (or massive damage)
45
Remark: There are different ways of splitting likelihood and consequence into categories giving finer or
coarser scales. One example for a more sophisticated consequence categorisation is the „European scale
of industrial accidents”12. As the latter is rather designed for large industrial scale and risk binning is still in
fact a qualitative method, in the order of 5 categories for likelihood and consequence seem to be
appropriate for typical projects.
For the cases with high risk (red coloured cells in Figure A4-) typically mitigating measures have to be
taken. Thus, hydrogen safety engineering should be undertaken to develop or apply already available
mitigation measures.
Failure Mode and Effect Analysis (FMEA)

FMEA was one of the first highly structured, systematic techniques for failure analysis. It was developed
by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military
and aeronautic systems. An FMEA involves reviewing as many components, assemblies, and subsystems
as possible to identify failure modes, causes, effects, probabilities and potentials for early detection. For
each potential failure the effects, probabilities and – in case – the likelihood of early detection have to be
quantified along with respective scales and then recorded in a specific FMEA worksheet. An example of
such a worksheet with a relatively high quantitative character is shown in 3.
Figure A4-3: Example for an FMEA worksheet.
In the report “FMEA for Hydrogen Fueling Options” a much more simplified worksheet has been used. A4-
4 shows an excerpt of the section of this FMEA, which is dealing with the risk of an electrolyser producing
hydrogen onsite at the fuelling station. This figure demonstrates that this FMEA has a qualitative character.
12
https://www.aria.developpement-durable.gouv.fr/in-case-of-accident/european-scale-of-industrial-
accidents/?lang=en
46
Figure A4-4: Excerpt of an FMEA assessing risks of electrolysis as a part of Hydrogen Fuelling Options.
47
Appendix 5. Safety plan checklist
This checklist is a summary of desired elements for safety plans. The checklist is intended to help
project teams verify that their safety plan addresses the important elements and can be a valuable
tool over the life of the project. The items below should not be considered as an exhaustive list of
safety considerations for all projects. Additionally, all project phases should be addressed in each
section as applicable (design, installation/commissioning, operations, maintenance, and
decommissioning).
Element The Safety Plan Should Describe
Description of Activities  Nature of the activities being performed

Organisational Policies and  Application of safety-related policies and procedures to the
Procedures activities being performed
Hydrogen and Fuel Cell  How previous organizational experience with hydrogen
Experience technologies and related work is applied to this project
Safety Reviews  Applicable safety reviews beyond the ISV described below
Identification of Safety  What is the ISV methodology applied to this project, such as
Vulnerabilities (ISV) Checklist, What If, HAZOP, FMEA, Fault Tree, Event Tree,
Probabilistic Risk Assessment, QRA, hydrogen safety
engineering, or other methods
 Who leads and stewards the use of the ISV methodology
 Significant accident scenarios identified
 Significant vulnerabilities identified
 Safety-critical equipment
 Storage and handling of hazardous materials and related
topics
o ignition sources, explosion hazards
o materials interactions
o possible leakage and accumulation
o detection
 Hydrogen handling systems
o supply, storage, and distribution systems
o volumes, pressures, estimated use rates
 Additional Documentation provided (see the section below)
Hazards and Associated Risk  Prevention and mitigation measures
Reduction Plan
Procedures  Procedures applicable for the location and performance of
the work including sample handling and transport
 Operating steps that need to be written for the particular
project: critical variables, their acceptable ranges, and
responses to deviations from them
48
Element The Safety Plan Should Describe
Equipment and  Initial testing and commissioning
Mechanical  Preventative maintenance plan
Integrity  Calibration of sensors
 Test/inspection frequency basis
 Documentation
Management of  The system and/or procedures used to review proposed changes to
Change Procedures materials, technology, equipment, procedures, personnel, and facility
operation for their effect on safety vulnerabilities
Project Safety  How needed safety information is communicated and made available
Documentation to all participants, including partners. Safety information includes the
ISV documentation, procedures, references such as handbooks and
standards, and safety review reports
Personnel Training  Required general safety training - initial and refresher (CPD)
 Hydrogen-specific and hazardous material training - initial and
refresher
 How the organization stewards training participation and verifies
understanding
Safety Events and  The reporting procedure within the team
Lessons Learned  The system and/or procedure used to investigate events
 How corrective measures will be implemented
 How lessons learned from incidents and near-misses are documented
and disseminated
Emergency  The plan/procedures for responses to emergencies
Response  Plans for communication and interaction with local emergency
response officials
Self-Audits  How the team will verify that safety-related procedures and practices
are being followed throughout the life of the project
Safety Plan Approval  Safety plan review and approval process
Additional  The layout of the system at the planned location

Documentation  Flow diagram (see Appendix 6 for an example)
 Codes and standards discussion
 Equipment component descriptions
 Critical safety and shutdown table (see Appendix 6 for an example)
Other Comments or  Any information on topics not covered above
Concerns
49
Appendix 6. Example of a safety plan
A hydrogen fuelling station will be taken as an example for the Safety Plan. The Safety Plan
contains the following details:
1. Nature of the work being performed
2. Organizational policies and procedures
3. Identification of Safety and Vulnerabilities (ISV)
4. Risk reduction plan
5. Operating procedures
6. Equipment and mechanical integrity
7. Management of procedures
8. Project safety documentation
9. Personnel training
10. Safety reviews
11. Safety Events and Lessons Learned
12. Emergency response
13. Self-audits
The main components of the fuelling station are described in the schematic below. The main
safety components are highlighted in colours.
(6)
(12)
LM
(1)
Liq-H2 (14)
(9)
(13) (10) H2-Gas
(6) (6)
TM TM
(3) FM
(5) (4) (5) (5) (5)
(13) (10)
(7) (8)
Filling
(5) (1)-Liquid H2 storage (9) Dispenser (14) Pressure build-up evaporator
(11)
(3) Intermediate storage (10) Delivery hose (LM) Level measurement
(4) Evaporator (11) Off-loading hose (FM) Flow measurement
(5) Shut-off valve as Emergency
(12) Pressure regulator (TM) temperature measurement
shutdown facility (ESD)
(6) Safety valve
(13) Breakway coupling
(7) Compressor
(8) Chiller
Figure A6-1: Schematic components of a Hydrogen fuelling station with liquid H2 supplied using a
tank car (adapted from P.G.J.Timmers and G. Stam ICHS 2017)
For illustration, the Emergency response (point 12 in the list above) will be developed in the following.
In case of an emergency, the facility must be shut down automatically. To ensure that the shutdown
is complete, the facility must be equipped with an emergency shutdown facility which includes shut-
off valves. Examples of different scenarios that lead to a shutdown are reported in Table A6-1.
For the Equipment Shutdown, the following steps must be taken:
 stop to fill,
 isolate the valves to the dispenser (Shut-off valves (5) in Figure A6-1),
 and contact system operator
For the Site shutdown scenario, the following steps must be taken:
 stop to fill,
 isolate storages (1) and (3),
 Isolate the Shut-off valves (5),
 shutdown compressor (7),
 and contact the fire department or/and system operator
50
Table A6-1. Example of a shutdown emergency.
Intermediate storage (3)
Site shutdown scenario

Equipment shutdown
Offloading hose (11)
LH2 storage unit (1)
Delivery hose (10)

Pressure build up
Evaporator (14)
Compressor (7)
Evaporator (4)
Dispenser (9)
Chiller (8)
scenario
Equipment/Alarms
Emergency shutdown facility (ESD) ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓

Pressure regulator ✓ ✓ NA NA
Breakaway coupling ✓ ✓
Level measurement ✓ ✓ ✓
Flow measurement ✓ ✓
Temperature measurement ✓ ✓ ✓
Flame detection ✓ ✓ ✓ ✓ ✓ ✓
Leak detection ✓
Hose break ✓ ✓ ✓
Mechanical ventilation ✓ ✓
Safety valve / Mechanical relief devices ✓ ✓ ✓ NA NA
Atmospheric vent ✓ NA NA
For each of the components listed above, a procedure should be identified according to the regulation.
Documentation must be assembled and provided to the users. The general description must be
supplemented with the specific regulations (for example for pressure vessels, low-temperature
equipment, etc.).
The implementation of the refilling station must identify the safety procedures and the timeline of
their applications. The identification of the procedures and the project phases for which they apply is
mandatory in a safety plan. An example is summarized in the following table.
Table A6-2. Procedures and Their Applicable Project Phases.
Installation &
Procedures Design Operation Maintenance
commissioning
Emergency Planning and Management ✓ ✓

Emergency Response Operations ✓ ✓
Energy Isolation ✓ ✓
Equipment/Line Opening and Clearing ✓ ✓
ESD procedure ✓ ✓ ✓
Fire and Hydrogen Detection Systems ✓ ✓ ✓ ✓
Grounding Design and Procedures ✓ ✓ ✓
Hazardous Enclosures ✓ ✓ ✓ ✓
Hose Change out Requirements ✓
Leak Detection and Repair ✓ ✓
Lockout/Tag ✓ ✓ ✓ ✓
51
Management of Change ✓ ✓ ✓ ✓
Mechanical Integrity ✓ ✓ ✓ ✓
Operational Readiness Inspection ✓
Personal Protective Equipment ✓ ✓ ✓
Planned Inspection and Maintenance ✓
Project Documentation, Retention and
Sharing Requirements
✓ ✓ ✓ ✓
Project Hazard Review Process ✓ ✓

Purging Flammable Systems ✓ ✓ ✓
Relief Device Testing and Inspection ✓ ✓
Risk Analysis ✓ ✓
Safety Integrity Level Design Criteria ✓
Safety Signs ✓ ✓ ✓ ✓
Testing of Safety Barriers/Equipment ✓ ✓
Training Requirements and Procedures ✓ ✓ ✓ ✓
Welding and Brazing Safety ✓ ✓
52

Safety Planning Implementation and Reporting For EU Projects-Final

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Safety Planning Implementation and Reporting For EU Projects-Final

Uploaded by

Copyright:

Available Formats

FUEL CELLS AND HYDROGEN 2 JOINT UNDERTAKING

SAFETY PLANNING AND MANAGEMENT IN EU HYDROGEN

Version Release date Description

2 CONTENT OF SAFETY PLAN .............................................................................................. 2

2.1 Objectives .................................................................................................................................................. 2

2.2 An exemplary table of content of a safety plan ......................................................................................... 3

3 PREPARATION OF SAFETY PLAN ...................................................................................... 4

3.1 Project brief ............................................................................................................................................... 5

3.2 Description of technical hydrogen safety activities .................................................................................... 7

3.3 Description of organisational safety activities ........................................................................................... 8

4 SAFETY PLAN IMPLEMENTATION, MONITORING AND REPORTING .................................. 14

4.1 Performing safety reviews ....................................................................................................................... 14

4.2 Implementation of hydrogen safety engineering process ........................................................................ 15

4.3 Examples of best practices in hydrogen safety engineering ..................................................................... 18

5 EUROPEAN HYDROGEN SAFETY PANEL ........................................................................... 23

Appendix 1. Hydrogen safety terminology and abbreviations .............................................................................. 24

Appendix 2. Applicable Regulations, Codes and Standards .................................................................................. 29

Appendix 3. Known best practices to implement safety strategies ...................................................................... 38

Appendix 5. Safety plan checklist ......................................................................................................................... 48

Appendix 6. Example of a safety plan ................................................................................................................... 50

2.2 An exemplary table of content of a safety plan

3 PREPARATION OF SAFETY PLAN

3.1.4 Relevant RCS

3.3.3 Personnel training and education plan

4 SAFETY PLAN IMPLEMENTATION, MONITORING AND REPORTING

4.1 Performing safety reviews

4.2 Implementation of hydrogen safety engineering process

The following TSSs can be considered:

4.3 Examples of best practices in hydrogen safety engineering

4.4 Project safety documentation

Accident An unforeseen and unplanned event or circumstance causing loss or injury.

Figure A2-1: Hierarchy of Regulations, Standards and Codes.

The chosen likelihood categories are:

and the consequence categories:

Failure Mode and Effect Analysis (FMEA)

Figure A4-3: Example for an FMEA worksheet.

Element The Safety Plan Should Describe

Description of Activities  Nature of the activities being performed

Additional  The layout of the system at the planned location

Intermediate storage (3)

Site shutdown scenario

Delivery hose (10)

Emergency shutdown facility (ESD) ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓

Emergency Planning and Management ✓ ✓

Project Hazard Review Process ✓ ✓

You might also like